_asn1_extract_der_octet: check for EOC in octet string decoding

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-07 12:43:13 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-07 12:45:10 +0200
commit: f42c4a14f2abd3ed06b80970fef5381794a66033 (patch)
tree: 706add545668b193999f0296c9549a5a31c2b770
parent: 39465cb227a122d99dc39be47aadd758980c36b5 (diff)
download: libtasn1-f42c4a14f2abd3ed06b80970fef5381794a66033.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/decoding.c b/lib/decoding.c
index 4fff03e..f2c8142 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -799,11 +799,17 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
 	  DECR_LEN(der_len, len3);
 	  result =
 	    _asn1_extract_der_octet (node, der + counter + len3,
-				     der_len, flags, &len2);
+				     der_len, flags|ASN1_DECODE_FLAG_STRICT_DER, &len2);
 	  if (result != ASN1_SUCCESS)
 	    return result;
-
 	  DECR_LEN(der_len, len2);
+
+	  /* check for EOC */
+	  if (der_len < 2 || (der[counter+len3+len2] != 0 && der[counter+len3+len2+1] != 0))
+	    {
+              warn();
+              return ASN1_DER_ERROR;
+	    }
 	}
 
       counter += len2 + len3 + 1;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-07 12:43:13 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-07 12:45:10 +0200
commit	f42c4a14f2abd3ed06b80970fef5381794a66033 (patch)
tree	706add545668b193999f0296c9549a5a31c2b770
parent	39465cb227a122d99dc39be47aadd758980c36b5 (diff)
download	libtasn1-f42c4a14f2abd3ed06b80970fef5381794a66033.tar.gz