summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-07-13 15:42:08 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-07-13 08:12:17 +0200
commit1013fab5f82f283335a5d8cbb1bfde8a80d7979c (patch)
tree8be3f8c0f8665d7a939917d48c5e1318b7e53f43 /lib
parent15fedb3c6855751678e93e3f4a7e443b0495b1c3 (diff)
downloadsamba-1013fab5f82f283335a5d8cbb1bfde8a80d7979c.tar.gz
samba-1013fab5f82f283335a5d8cbb1bfde8a80d7979c.tar.bz2
samba-1013fab5f82f283335a5d8cbb1bfde8a80d7979c.zip
lib/util: Allocate enough space to reference blob->data[len]
Found by Thomas Hood <jdthood@gmail.com> using valgrind. Thanks! Andrew Bartlett
Diffstat (limited to 'lib')
-rw-r--r--lib/util/asn1.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index c23bf65b8d..70637a3e06 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -844,7 +844,7 @@ bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLO
return false;
}
*blob = data_blob_talloc(mem_ctx, NULL, len+1);
- if (!blob->data) {
+ if (!blob->data || blob->length < len) {
data->has_error = true;
return false;
}
@@ -927,8 +927,8 @@ bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB
}
if (!asn1_read_uint8(data, padding)) return false;
- *blob = data_blob_talloc(mem_ctx, NULL, len);
- if (!blob->data) {
+ *blob = data_blob_talloc(mem_ctx, NULL, len+1);
+ if (!blob->data || blob->length < len) {
data->has_error = true;
return false;
}