File libtasn1-CVE-2016-4008-1.patch of Package libtasn1.11138
From: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: Mon, 4 Apr 2016 13:06:21 +0000 (+0200) Subject: _asn1_extract_der_octet: catch invalid input cases early X-Git-Tag: libtasn1_4_8~22 X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff_plain;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e;hp=d3ca1b00bd920191f1e15a530a45c19bc3ebd0ef _asn1_extract_der_octet: catch invalid input cases early That is, check the calculated lengths for validity prior to entering a loop. This avoids an infinite recursion. Reported by Pascal Cuoq. --- diff --git a/lib/decoding.c b/lib/decoding.c index 4fa045c..6fd60d0 100644 --- a/lib/decoding.c +++ b/lib/decoding.c @@ -767,10 +767,17 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der, DECR_LEN(der_len, len3); if (len2 == -1) - counter_end = der_len - 2; + { + if (der_len < 2) + return ASN1_DER_ERROR; + counter_end = der_len - 2; + } else counter_end = der_len; + if (counter_end < counter) + return ASN1_DER_ERROR; + while (counter < counter_end) { DECR_LEN(der_len, 1);
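Review bot: The two new early returns ahead of `while (counter < counter_end)` carry no comment saying which malformed input each one rejects, and the patch adds no regression test. Suggest a one-line comment above `if (der_len < 2)` noting that the `len2 == -1` branch goes on to compute `der_len - 2`, so fewer than two remaining bytes must be rejected before that subtraction, and another above `if (counter_end < counter)` stating that the computed end must not lie before the current position. The commit message says this avoids an infinite recursion, while the hunk shows only a loop, so it would help to say in the message or in a comment which call path recurses on the bad lengths. A test case built from the reported input would keep the check from regressing.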