authorStefan Metzmacher <metze@samba.org>2010-10-02 10:03:55 +0200
committerStefan Metzmacher <metze@samba.org>2010-10-04 14:46:40 +0000
commit59d00fc439e5851f60925febda8d7f7816a44563 (patch)
treeea6709f227a96b7a56d1c43c450e647756e13224 /lib
parent42d1a84a360ed56c123bb7bab6340d9e8425a8c0 (diff)
lib/util/asn1: let asn1_peek_full_tag() return an error if we fail to parse tag hdr/len
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 4 14:46:40 UTC 2010 on sn-devel-104
Diffstat (limited to 'lib')
-rw-r--r--lib/util/asn1.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 7e37fbc91b..7635ce2d88 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -527,6 +527,18 @@ bool asn1_peek_tag_needed_size(struct asn1_data *data, uint8_t tag, size_t *size
data->has_error = false;
return false;
}
+ if (n > 4) {
+ /*
+ * We should not allow more than 4 bytes
+ * for the encoding of the tag length.
+ *
+ * Otherwise we'd overflow the taglen
+ * variable on 32 bit systems.
+ */
+ data->ofs = start_ofs;
+ data->has_error = false;
+ return false;
+ }
taglen = b;
while (n > 1) {
if (!asn1_read_uint8(data, &b)) {
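Review bot: The `n > 4` guard still admits a four-byte length, so on a 32-bit build `taglen` can reach 0xFFFFFFFF, and any later addition of the header bytes to it can wrap `size_t`. The code that fills `*size` is outside this hunk, but if it is computed as header length plus `taglen`, a wrapped small value would pass the caller's `size > blob.length` check in asn1_peek_full_tag(). Consider guarding that sum with a condition such as `if (taglen > SIZE_MAX - (data->ofs - start_ofs))`, taking the same reset-and-return-false path, and wording the comment to say that four bytes is the most that fits in `taglen`, not that the result is safe to add to. The new branch also returns the same `false` with `has_error = false` as the truncated-read path above it, so callers cannot tell an over-long length from an incomplete buffer. asn1_peek_tag_needed_size() starts and ends outside the hunk.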
@@ -1020,7 +1032,7 @@ NTSTATUS asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
ok = asn1_peek_tag_needed_size(&asn1, tag, &size);
if (!ok) {
- return STATUS_MORE_ENTRIES;
+ return NT_STATUS_INVALID_BUFFER_SIZE;
}
if (size > blob.length) {