summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/asn1/der_get.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/asn1/der_get.c')
-rw-r--r--source4/heimdal/lib/asn1/der_get.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 8144639b9a..aee565040f 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -198,6 +198,13 @@ der_get_bmp_string (const unsigned char *p, size_t len,
for (i = 0; i < data->length; i++) {
data->data[i] = (p[0] << 8) | p[1];
p += 2;
+ /* check for NUL in the middle of the string */
+ if (data->data[i] == 0 && i != (data->length - 1)) {
+ free(data->data);
+ data->data = NULL;
+ data->length = 0;
+ return ASN1_BAD_CHARACTER;
+ }
}
if (size) *size = len;
@@ -222,6 +229,13 @@ der_get_universal_string (const unsigned char *p, size_t len,
for (i = 0; i < data->length; i++) {
data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
+ /* check for NUL in the middle of the string */
+ if (data->data[i] == 0 && i != (data->length - 1)) {
+ free(data->data);
+ data->data = NULL;
+ data->length = 0;
+ return ASN1_BAD_CHARACTER;
+ }
}
if (size) *size = len;
return 0;
generated by cgit (git 2.34.1) at 2024-07-10 15:37:28 +0000