diff options
Diffstat (limited to 'source4/heimdal/lib/asn1/der_get.c')
-rw-r--r-- | source4/heimdal/lib/asn1/der_get.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 8144639b9a..aee565040f 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -198,6 +198,13 @@ der_get_bmp_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 8) | p[1]; p += 2; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; @@ -222,6 +229,13 @@ der_get_universal_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; return 0; |