diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-08 14:22:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-08 14:22:46 +0200 |
commit | 9cb29a180ad5fc0d2d728d162062327b6418ddd5 (patch) | |
tree | b59fede245558a91da9100f8309eacd9e69982e3 | |
parent | 1015d1fd053e4bcc792bb41eca225ef3ccc10fc4 (diff) | |
download | libtasn1-9cb29a180ad5fc0d2d728d162062327b6418ddd5.tar.gz |
Allow decoding octet strings with multi-byte tags
Report and initial patch by Tomas Petrilak.
-rw-r--r-- | lib/decoding.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/decoding.c b/lib/decoding.c index bb5f68b..4608cde 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -812,7 +812,8 @@ cleanup: } static int -_asn1_get_octet_string (asn1_node node, const unsigned char *der, int der_len, +get_octet_string (asn1_node node, const unsigned char *der, int der_len, + const unsigned char *tag, unsigned tag_len, int *len, unsigned flags) { int len2, len3, counter, tot_len, indefinite; @@ -821,7 +822,7 @@ _asn1_get_octet_string (asn1_node node, const unsigned char *der, int der_len, counter = 0; - if (*(der - 1) & ASN1_CLASS_STRUCTURED) + if (tag[0] & ASN1_CLASS_STRUCTURED) { tot_len = 0; @@ -1298,7 +1299,15 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, move = RIGHT; break; case ASN1_ETYPE_OCTET_STRING: - result = _asn1_get_octet_string (p, der + counter, ider_len, &len3, flags); + if (counter < tag_len) + { + result = ASN1_DER_ERROR; + warn(); + goto cleanup; + } + result = get_octet_string (p, der + counter, ider_len, + der + counter - tag_len, tag_len, + &len3, flags); if (result != ASN1_SUCCESS) { warn(); |