diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-03-26 18:34:57 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-03-26 18:35:04 +0100 |
| commit | 4d4f992826a4962790ecd0cce6fbba4a415ce149 (patch) | |
| tree | ecf38046f66b70760c163490c1b4d32bbe0828b3 | |
| parent | 77068c35a32cc31ba6b3af257921ca90696c7945 (diff) | |
| download | libtasn1-4d4f992826a4962790ecd0cce6fbba4a415ce149.tar.gz | |
increased size of LTOSTR_MAX_SIZE to account for sign and null byte
This address an overflow found by Hanno Böck in DER decoding.
| -rw-r--r-- | lib/parser_aux.c | 4 | ||||
| -rw-r--r-- | lib/parser_aux.h | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/lib/parser_aux.c b/lib/parser_aux.c index d3e9009..da9a388 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void) char * -_asn1_ltostr (long v, char *str) +_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]) { long d, r; char temp[LTOSTR_MAX_SIZE]; @@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str) count++; v = d; } - while (v); + while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; diff --git a/lib/parser_aux.h b/lib/parser_aux.h index 55d9061..437f1c8 100644 --- a/lib/parser_aux.h +++ b/lib/parser_aux.h @@ -52,8 +52,9 @@ void _asn1_delete_list (void); void _asn1_delete_list_and_nodes (void); -#define LTOSTR_MAX_SIZE 20 -char *_asn1_ltostr (long v, char *str); +/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ +#define LTOSTR_MAX_SIZE 22 +char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]); asn1_node _asn1_find_up (asn1_node node); |