diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-16 17:05:01 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-16 17:05:22 +0100 |
commit | b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82 (patch) | |
tree | 54e3f93862a0fb516949f674e2c683583d3bd0ed | |
parent | 6ec2a27db5dfabb98777d036f095ca4748a96e50 (diff) | |
download | libtasn1-b3f7ecac48fb3b31f3340a745a4a5cfe947ecd82.tar.gz |
asn1_get_length_ber: pass the correct length to _asn1_get_indefinite_length_string
This addresses reading 1-byte past the end of data.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/decoding.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/decoding.c b/lib/decoding.c index 27a02b3..c2e6027 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -114,7 +114,7 @@ asn1_get_length_der (const unsigned char *der, int der_len, int *len) k = der[0] & 0x7F; punt = 1; if (k) - { /* definite length method */ + { /* definite length method */ ans = 0; while (punt <= k && punt < der_len) { @@ -237,9 +237,9 @@ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len) long err; ret = asn1_get_length_der (ber, ber_len, len); - if (ret == -1) + if (ret == -1 && ber_len > 1) { /* indefinite length method */ - err = _asn1_get_indefinite_length_string (ber + 1, ber_len, &ret); + err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret); if (err != ASN1_SUCCESS) return -3; } |