oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

asn1: Fix open type decode crash (AFL)

Browse Source 
Found with American Fuzzy Lop (AFL).
This commit is contained in:
Nicolas Williams
2021-03-03 10:15:47 -06:00
parent fb5ae095e9
commit a0f542486e
1 changed files with 28 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/asn1/template.c
View File

@@ -624,6 +624,7 @@ _asn1_decode_open_type(const struct asn1_template *t,
const struct heim_base_data *d = DPOC(data, topentype->offset);
void *o;
if (d->data && d->length) {
if ((o = calloc(1, tactual_type->offset)) == NULL)
return ENOMEM;
@@ -653,6 +654,7 @@ _asn1_decode_open_type(const struct asn1_template *t,
} else {
*dp = o;
}
}
return ret;
} else {
const struct heim_base_data * const *d;
@@ -688,7 +690,7 @@ _asn1_decode_open_type(const struct asn1_template *t,
for (i = 0; ret != ENOMEM && i < len; i++) {
if ((val[i] = calloc(len, tactual_type->offset)) == NULL)
ret = ENOMEM;
if (ret == 0)
if (ret == 0 && d[i])
/* Re-enter to decode the encoded open type value */
ret = _asn1_decode(tactual_type->ptr, flags, d[i]->data,
d[i]->length, val[i], &sz);