diff options
Diffstat (limited to 'source4/heimdal/lib/asn1')
| -rw-r--r-- | source4/heimdal/lib/asn1/der_get.c | 14 | ||||
| -rw-r--r-- | source4/heimdal/lib/asn1/der_put.c | 9 | ||||
| -rw-r--r-- | source4/heimdal/lib/asn1/krb5.asn1 | 3 | ||||
| -rw-r--r-- | source4/heimdal/lib/asn1/main.c | 6 |
4 files changed, 23 insertions, 9 deletions
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 8144639b9a..aee565040f 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -198,6 +198,13 @@ der_get_bmp_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 8) | p[1]; p += 2; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; @@ -222,6 +229,13 @@ der_get_universal_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; return 0; diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 7e71443da5..10fc002334 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -165,7 +165,6 @@ der_put_general_string (unsigned char *p, size_t len, if (len < slen) return ASN1_OVERFLOW; p -= slen; - len -= slen; memcpy (p+1, *str, slen); *size = slen; return 0; @@ -200,7 +199,6 @@ der_put_bmp_string (unsigned char *p, size_t len, if (len / 2 < data->length) return ASN1_OVERFLOW; p -= data->length * 2; - len -= data->length * 2; for (i = 0; i < data->length; i++) { p[1] = (data->data[i] >> 8) & 0xff; p[2] = data->data[i] & 0xff; @@ -218,7 +216,6 @@ der_put_universal_string (unsigned char *p, size_t len, if (len / 4 < data->length) return ASN1_OVERFLOW; p -= data->length * 4; - len -= data->length * 4; for (i = 0; i < data->length; i++) { p[1] = (data->data[i] >> 24) & 0xff; p[2] = (data->data[i] >> 16) & 0xff; @@ -244,7 +241,6 @@ der_put_octet_string (unsigned char *p, size_t len, if (len < data->length) return ASN1_OVERFLOW; p -= data->length; - len -= data->length; memcpy (p+1, data->data, data->length); *size = data->length; return 0; @@ -421,8 +417,7 @@ der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, e = der_put_tag (p, len, class, type, tag, &l); if(e) return e; - p -= l; - len -= l; + ret += l; *size = ret; return 0; @@ -459,7 +454,7 @@ der_put_bit_string (unsigned char *p, size_t len, if (len < data_size + 1) return ASN1_OVERFLOW; p -= data_size + 1; - len -= data_size + 1; + memcpy (p+2, data->data, data_size); if (data->length && (data->length % 8) != 0) p[1] = 8 - (data->length % 8); diff --git a/source4/heimdal/lib/asn1/krb5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1 index 8edb0fde69..7080b095f8 100644 --- a/source4/heimdal/lib/asn1/krb5.asn1 +++ b/source4/heimdal/lib/asn1/krb5.asn1 @@ -16,7 +16,8 @@ NAME-TYPE ::= INTEGER { KRB5_NT_WELLKNOWN(11), -- Wellknown KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name - KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID + KRB5_NT_MS_PRINCIPAL_AND_ID(-129), -- NT style name and SID + KRB5_NT_NTLM(-1200) -- NTLM name, realm is domain } -- message types diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index 115c82a9c7..5cef970d78 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -142,6 +142,10 @@ main(int argc, char **argv) } arg = calloc(2, sizeof(arg[0])); + if (arg == NULL) { + perror("calloc"); + exit(1); + } arg[0] = option_file; arg[1] = NULL; len = 1; @@ -150,7 +154,7 @@ main(int argc, char **argv) buf[strcspn(buf, "\n\r")] = '\0'; arg = realloc(arg, (len + 2) * sizeof(arg[0])); - if (argv == NULL) { + if (arg == NULL) { perror("malloc"); exit(1); } |