author | Andrew Bartlett <abartlet@samba.org> | 2012-07-13 15:42:08 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-07-13 08:12:17 +0200 |
commit | 1013fab5f82f283335a5d8cbb1bfde8a80d7979c (patch) | |
tree | 8be3f8c0f8665d7a939917d48c5e1318b7e53f43 /lib | |
parent | 15fedb3c6855751678e93e3f4a7e443b0495b1c3 (diff) | |
lib/util: Allocate enough space to reference blob->data[len]
Found by Thomas Hood <jdthood@gmail.com> using valgrind.
Thanks!
Andrew Bartlett
Diffstat (limited to 'lib')
-rw-r--r-- | lib/util/asn1.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c index c23bf65b8d..70637a3e06 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -844,7 +844,7 @@ bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLO return false; } *blob = data_blob_talloc(mem_ctx, NULL, len+1); - if (!blob->data) { + if (!blob->data || blob->length < len) { data->has_error = true; return false; } @@ -927,8 +927,8 @@ bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB } if (!asn1_read_uint8(data, padding)) return false; - *blob = data_blob_talloc(mem_ctx, NULL, len); - if (!blob->data) { + *blob = data_blob_talloc(mem_ctx, NULL, len+1); + if (!blob->data || blob->length < len) { data->has_error = true; return false; } |
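Review bot: The added test `blob->length < len` in asn1_read_OctetString still accepts a blob of exactly len bytes, but making blob->data[len] addressable (the stated goal) needs length > len. The test also runs after `len+1` has been evaluated, so if len is a signed int (its declaration is outside the hunk), any wrap has already happened by the time the check runs. Assuming negative lengths are rejected before this point, computing the size in size_t and tightening the comparison covers both: `*blob = data_blob_talloc(mem_ctx, NULL, (size_t)len + 1);` and `if (!blob->data || blob->length <= (size_t)len) {`. The same check is added to asn1_read_BitString in the second hunk; both function bodies start and end outside the hunks.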
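Review bot: Nothing in the asn1_read_BitString hunk restores blob->length after the allocation grows from len to len+1, so callers would see one more byte than was decoded unless the code after the hunk trims it. That code is outside the visible lines and is worth checking against the OctetString path. The padding octet has already been consumed by `asn1_read_uint8` before the allocation, so the relationship between len and the bytes still to be read also deserves a note. A comment at the allocation such as `/* one spare byte so blob->data[len] can be written; not part of the decoded bit string */` would make the intent of the +1 clear to the next reader.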