Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
strongswan
strongswan-4.x.x_asn1_length.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File strongswan-4.x.x_asn1_length.patch of Package strongswan
diff -urN strongswan-4.2.16/src/libstrongswan/asn1/asn1.c strongswan-4.2.17/src/libstrongswan/asn1/asn1.c --- strongswan-4.2.16/src/libstrongswan/asn1/asn1.c 2009-06-19 14:33:30.000000000 +0200 +++ strongswan-4.2.17/src/libstrongswan/asn1/asn1.c 2009-07-20 12:44:51.000000000 +0200 @@ -225,25 +225,32 @@ u_char n; size_t len; - /* advance from tag field on to length field */ - blob->ptr++; - blob->len--; - - /* read first octet of length field */ - n = *blob->ptr++; - blob->len--; + if (blob->len < 2) + { + DBG2("insufficient number of octets to parse ASN.1 length"); + return ASN1_INVALID_LENGTH; + } + + /* read length field, skip tag and length */ + n = blob->ptr[1]; + *blob = chunk_skip(*blob, 2); if ((n & 0x80) == 0) - {/* single length octet */ + { /* single length octet */ + if (n > blob->len) + { + DBG2("length is larger than remaining blob size"); + return ASN1_INVALID_LENGTH; + } return n; } /* composite length, determine number of length octets */ n &= 0x7f; - if (n > blob->len) + if (n == 0 || n > blob->len) { - DBG2("number of length octets is larger than ASN.1 object"); + DBG2("number of length octets invalid"); return ASN1_INVALID_LENGTH; } diff -urN strongswan-4.2.16/src/pluto/asn1.c strongswan-4.2.17/src/pluto/asn1.c --- strongswan-4.2.16/src/pluto/asn1.c 2009-06-19 14:33:30.000000000 +0200 +++ strongswan-4.2.17/src/pluto/asn1.c 2009-07-20 12:46:13.000000000 +0200 @@ -153,6 +153,14 @@ u_char n; size_t len; + if (blob->len < 2) + { + DBG(DBG_PARSING, + DBG_log("insufficient number of octets to parse ASN.1 length") + ) + return ASN1_INVALID_LENGTH; + } + /* advance from tag field on to length field */ blob->ptr++; blob->len--; @@ -161,16 +169,25 @@ n = *blob->ptr++; blob->len--; - if ((n & 0x80) == 0) /* single length octet */ + if ((n & 0x80) == 0) + { /* single length octet */ + if (n > blob->len) + { + DBG(DBG_PARSING, + DBG_log("length is larger than remaining blob size") + ) + return ASN1_INVALID_LENGTH; + } return n; + } /* composite length, determine number of length octets */ n &= 0x7f; - if (n > blob->len) + if (n == 0 || n > blob->len) { DBG(DBG_PARSING, - DBG_log("number of length octets is larger than ASN.1 object") + DBG_log("number of length octets invalid") ) return ASN1_INVALID_LENGTH; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor