enforce type checks in asn1_decode_simple_der and ber

2 files changed, 9 insertions, 7 deletions

diff --git a/lib/decoding.c b/lib/decoding.c
index 42ddc6b..6b0aca6 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -2110,7 +2110,7 @@ asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
   if (der == NULL || der_len == 0)
     return ASN1_VALUE_NOT_VALID;
 
-  if (ETYPE_OK (etype) == 0)
+  if (ETYPE_OK (etype) == 0 || ETYPE_IS_STRING(etype) == 0)
     return ASN1_VALUE_NOT_VALID;
 
   /* doesn't handle constructed classes */
@@ -2228,12 +2228,7 @@ asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
   if (der_len <= 0)
     return ASN1_DER_ERROR;
 
-  if (class == ASN1_CLASS_STRUCTURED && (etype == ASN1_ETYPE_GENERALSTRING ||
-      etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING ||
-      etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING ||
-      etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING ||
-      etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING ||
-      etype == ASN1_ETYPE_OCTET_STRING))
+  if (class == ASN1_CLASS_STRUCTURED && ETYPE_IS_STRING(etype))
     {
 
       len_len = 1;
diff --git a/lib/int.h b/lib/int.h
index 8cc79cc..ee870c7 100644
--- a/lib/int.h
+++ b/lib/int.h
@@ -102,6 +102,13 @@ typedef struct tag_and_class_st
                           etype <= _asn1_tags_size && \
                           _asn1_tags[etype].desc != NULL)?1:0)
 
+#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+	etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
+	etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
+	etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING || \
+	etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING || \
+	etype == ASN1_ETYPE_OCTET_STRING)?1:0)
+
 extern unsigned int _asn1_tags_size;
 extern const tag_and_class_st _asn1_tags[];