From ad3ac7e3c0bdf9b93c6b831f29452fd63fe0818b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 20 Sep 2011 18:50:00 -0700 Subject: Try and fix bug #8472 - Crash in asn.1 parsing code. Found by Codenomicon at the SNIA plugfest. Don't keep going in the loop when reading the OIDs fail. Autobuild-User: Jeremy Allison Autobuild-Date: Wed Sep 21 05:24:59 CEST 2011 on sn-devel-104 --- source3/libsmb/clispnego.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 4581ce4026..d584f9f4ab 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -126,7 +126,12 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx, asn1_start_tag(data,ASN1_CONTEXT(0)); asn1_start_tag(data,ASN1_SEQUENCE(0)); for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) { - asn1_read_OID(data,ctx, &OIDs[i]); + if (!asn1_read_OID(data,ctx, &OIDs[i])) { + break; + } + if (data->has_error) { + break; + } } OIDs[i] = NULL; asn1_end_tag(data); -- cgit