diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-30 13:04:04 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-07-30 13:04:04 +0000 |
commit | c046fffa16cd55c972f71c49051b8ce6b83eed7f (patch) | |
tree | f88e3f90a37215466511661e101da6882f8c0836 /crypto/asn1/asn1_lib.c | |
parent | 3aecef76973dbea037ec4e1ceba7ec1bd3fb683a (diff) |
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Diffstat (limited to 'crypto/asn1/asn1_lib.c')
-rw-r--r-- | crypto/asn1/asn1_lib.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 77447a5240..422685a3b4 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) > (omax+ *pp)) + if (*plength > (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) i= *p&0x7f; if (*(p++) & 0x80) { + if (i > sizeof(long)) + return 0; if (max-- == 0) return(0); while (i-- > 0) { @@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) else ret=i; } + if (ret < 0) + return 0; *pp=p; *rl=ret; return(1); @@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) void asn1_add_error(unsigned char *address, int offset) { - char buf1[16],buf2[16]; + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset); |