Overview

File libtasn1-CVE-2015-3622.patch of Package libtasn1

From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 20 Apr 2015 14:56:27 +0200
Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Reported by Hanno Böck.
---
 lib/decoding.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Index: libtasn1-3.7/lib/decoding.c
===================================================================
--- libtasn1-3.7.orig/lib/decoding.c
+++ libtasn1-3.7/lib/decoding.c
@@ -676,6 +676,7 @@ _asn1_extract_der_octet (asn1_node node,
     return ASN1_DER_ERROR;
 
   counter = len3 + 1;
+  DECR_LEN(der_len, len3);
 
   if (len2 == -1)
     counter_end = der_len - 2;
@@ -684,6 +685,7 @@ _asn1_extract_der_octet (asn1_node node,
 
   while (counter < counter_end)
     {
+      DECR_LEN(der_len, 1);
       len2 = asn1_get_length_der (der + counter, der_len, &len3);
 
       if (len2 < -1)
@@ -705,7 +707,6 @@ _asn1_extract_der_octet (asn1_node node,
 	  len2 = 0;
 	}
 
-      DECR_LEN(der_len, 1);
       counter += len2 + len3 + 1;
     }
openSUSE Build Service is sponsored by
Places