author | Stefan Metzmacher <metze@samba.org> | 2010-10-02 10:03:55 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-10-04 14:46:40 +0000 |
commit | 59d00fc439e5851f60925febda8d7f7816a44563 (patch) | |
tree | ea6709f227a96b7a56d1c43c450e647756e13224 /lib | |
parent | 42d1a84a360ed56c123bb7bab6340d9e8425a8c0 (diff) | |
lib/util/asn1: let asn1_peek_full_tag() return an error if we fail to parse tag hdr/len
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 4 14:46:40 UTC 2010 on sn-devel-104
Diffstat (limited to 'lib')
-rw-r--r-- | lib/util/asn1.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 7e37fbc91b..7635ce2d88 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -527,6 +527,18 @@ bool asn1_peek_tag_needed_size(struct asn1_data *data, uint8_t tag, size_t *size
 data->has_error = false;
 return false;
 }
+ if (n > 4) {
+ /*
+ * We should not allow more than 4 bytes
+ * for the encoding of the tag length.
+ *
+ * Otherwise we'd overflow the taglen
+ * variable on 32 bit systems.
+ */
+ data->ofs = start_ofs;
+ data->has_error = false;
+ return false;
+ }
 taglen = b;
 while (n > 1) {
 if (!asn1_read_uint8(data, &b)) {
@@ -1020,7 +1032,7 @@ NTSTATUS asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
 ok = asn1_peek_tag_needed_size(&asn1, tag, &size);
 if (!ok) {
- return STATUS_MORE_ENTRIES;
+ return NT_STATUS_INVALID_BUFFER_SIZE;
 }
 if (size > blob.length) {
|
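Review bot: The `n > 4` bound stops `taglen` itself from overflowing, but a 4-byte length can still decode to 0xFFFFFFFF, which fills a 32-bit `size_t` completely (assuming `taglen` is a `size_t`, as the added comment implies). If the code after the `while (n > 1)` loop adds the bytes already consumed to `taglen` to produce `*size` (that part is outside this hunk), the sum can still wrap on 32-bit builds and report a small needed size for an attacker-chosen length. It would be worth confirming that addition is guarded, or rejecting lengths above a sane protocol maximum here, and extending the comment with something like `* Note: 4 bytes still allows 0xFFFFFFFF; the size computation below must check for wrap-around.` The function body starts and ends outside the hunk.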
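Review bot: `asn1_peek_tag_needed_size()` returns false with `has_error` cleared both when a header read runs out of data and when the new `n > 4` check rejects the encoding, so `if (!ok)` now maps a merely truncated tag header to `NT_STATUS_INVALID_BUFFER_SIZE` too. Any caller that hands this function a partial buffer and relied on `STATUS_MORE_ENTRIES` to keep reading would presumably treat the short header as a fatal parse error after this change. If that is intended, a comment above the check would make the contract explicit, e.g. `/* the blob must contain the complete tag header; a short or malformed header is an error, not STATUS_MORE_ENTRIES */`. Otherwise the helper needs a way to report the two cases separately. The body of `asn1_peek_full_tag()` continues outside the hunk.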