diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-19 11:09:19 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-19 11:10:17 +0100 |
| commit | 403b7f7b8538a54d41f33db52b6e574636157404 (patch) | |
| tree | 5eb456d812145af781ca9a3d25aed799c0bdc4ea | |
| parent | 732d6d8ea317937cf6c2c9a44fb3fa10bff8363e (diff) | |
| download | libtasn1-403b7f7b8538a54d41f33db52b6e574636157404.tar.gz | |
DER decoding: check the return value of _asn1_append_sequence_set
Ensure that the return value of _asn1_append_sequence_set. This
addresses a potential NULL pointer dereference.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/decoding.c | 23 | ||||
| -rw-r--r-- | lib/element.c | 2 |
2 files changed, 21 insertions, 4 deletions
diff --git a/lib/decoding.c b/lib/decoding.c index c2e6027..2abff57 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -1305,7 +1305,12 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, { /* indefinite length method */ if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1])) { - _asn1_append_sequence_set (p, &tcache); + result = _asn1_append_sequence_set (p, &tcache); + if (result != 0) + { + warn(); + goto cleanup; + } p = tcache.tail; move = RIGHT; continue; @@ -1321,7 +1326,12 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, { /* definite length method */ if (len2 > counter) { - _asn1_append_sequence_set (p, &tcache); + result = _asn1_append_sequence_set (p, &tcache); + if (result != 0) + { + warn(); + goto cleanup; + } p = tcache.tail; move = RIGHT; continue; @@ -1375,7 +1385,14 @@ asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len, || (type_field (p2->type) == ASN1_ETYPE_SIZE)) p2 = p2->right; if (p2->right == NULL) - _asn1_append_sequence_set (p, &tcache); + { + result = _asn1_append_sequence_set (p, &tcache); + if (result != 0) + { + warn(); + goto cleanup; + } + } p = p2; } } diff --git a/lib/element.c b/lib/element.c index 756e41a..b09f826 100644 --- a/lib/element.c +++ b/lib/element.c @@ -128,7 +128,7 @@ _asn1_convert_integer (const unsigned char *value, unsigned char *value_out, return ASN1_SUCCESS; } -/* Appends a new element into the sequent (or set) defined by this +/* Appends a new element into the sequence (or set) defined by this * node. The new element will have a name of '?number', where number * is a monotonically increased serial number. * |