Check for truncated integers: the encoded length may be greater than
the data buffer. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11339 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
|
||||
p += l;
|
||||
len -= l;
|
||||
ret += l;
|
||||
if (reallen > len)
|
||||
return ASN1_OVERRUN;
|
||||
e = der_get_int (p, reallen, num, &l);
|
||||
if (e) return e;
|
||||
p += l;
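Review bot: The added `if (reallen > len) return ASN1_OVERRUN;` in decode_integer, and the identical check in decode_unsigned in the next hunk, bounds the encoded length by the remaining buffer, but nothing visible in either hunk bounds it by the width of the result. der_get_int and der_get_unsigned are defined outside these hunks; if they do not already reject a content length larger than `sizeof(int)` / `sizeof(unsigned)`, an over-long encoding that is fully present in the buffer would still be folded into `num` with overflow. That should be confirmed, or enforced in those helpers. I would also put a comment above each check, e.g. `/* content length is taken from the encoding; it must not exceed what is left in the buffer */`, and brace the `if` body. Both function bodies start and end outside the hunks, so the type of `reallen` and the handling of a zero content length cannot be judged from here.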
|
||||
@@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
|
||||
p += l;
|
||||
len -= l;
|
||||
ret += l;
|
||||
if (reallen > len)
|
||||
return ASN1_OVERRUN;
|
||||
e = der_get_unsigned (p, reallen, num, &l);
|
||||
if (e) return e;
|
||||
p += l;
|
||||
|