diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-09-15 16:04:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-09-15 16:04:57 +0200 |
commit | a9a74e409439088f1d74c1ab51e8f2013a0e020e (patch) | |
tree | b09709bbdc18980c96e0c00260a1b47d4113dc1b | |
parent | 745392ae2a8a97cdd6df583698a959eb3b8553c2 (diff) | |
download | libtasn1-a9a74e409439088f1d74c1ab51e8f2013a0e020e.tar.gz |
enforce the new time tests only in strict DER mode
-rw-r--r-- | lib/decoding.c | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/lib/decoding.c b/lib/decoding.c index cdf0b85..e206b93 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -302,41 +302,43 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r return ASN1_DER_ERROR; } - p = &der[len_len]; - for (i=0;i<(unsigned)(str_len-1);i++) - { - if (isdigit(p[i]) == 0) + if (flags & ASN1_DECODE_FLAG_STRICT_DER) + { + p = &der[len_len]; + for (i=0;i<(unsigned)(str_len-1);i++) { - if (type == ASN1_ETYPE_GENERALIZED_TIME) + if (isdigit(p[i]) == 0) { - /* tolerate lax encodings */ - if (p[i] == '.' && dot_count == 0) + if (type == ASN1_ETYPE_GENERALIZED_TIME) { - dot_count++; - continue; + /* tolerate lax encodings */ + if (p[i] == '.' && dot_count == 0) + { + dot_count++; + continue; + } + + /* This is not really valid DER, but there are + * structures using that */ + if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && + (p[i] == '+' || p[i] == '-') && sign_count == 0) + { + sign_count++; + continue; + } } - /* This is not really valid DER, but there are - * structures using that */ - if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && - (p[i] == '+' || p[i] == '-') && sign_count == 0) - { - sign_count++; - continue; - } + warn(); + return ASN1_DER_ERROR; } - - warn(); - return ASN1_DER_ERROR; } - } - if (sign_count == 0 && p[str_len-1] != 'Z') - { - warn(); - return ASN1_DER_ERROR; + if (sign_count == 0 && p[str_len-1] != 'Z') + { + warn(); + return ASN1_DER_ERROR; + } } - memcpy (str, der + len_len, str_len); str[str_len] = 0; *ret_len = str_len + len_len; |