Check for truncated integers: the encoded length may be greater than

the data buffer.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11339 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Jacques A. Vidrine
2002-09-03 16:21:49 +00:00
parent c2a12cf859
commit 9cb7b201a4

View File

@@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
p += l;
len -= l;
ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_int (p, reallen, num, &l);
if (e) return e;
p += l;
@@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
p += l;
len -= l;
ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_unsigned (p, reallen, num, &l);
if (e) return e;
p += l;