projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
[openssl.git]
/
crypto
/
asn1
/
a_int.c
diff --git
a/crypto/asn1/a_int.c
b/crypto/asn1/a_int.c
index 7ed99eb3994aff7f949e9bc8eb2c3d3489ff3ad7..bcbdc7d4e128cbd995bb1a93c3ca9480b92e221c 100644
(file)
--- a/
crypto/asn1/a_int.c
+++ b/
crypto/asn1/a_int.c
@@
-202,7
+202,12
@@
ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
goto err;
}
to=s;
goto err;
}
to=s;
- if (*p & 0x80) /* a negative number */
+ if(!len) {
+ /* Strictly speaking this is an illegal INTEGER but we
+ * tolerate it.
+ */
+ ret->type=V_ASN1_INTEGER;
+ } else if (*p & 0x80) /* a negative number */
{
ret->type=V_ASN1_NEG_INTEGER;
if ((*p == 0xff) && (len != 1)) {
{
ret->type=V_ASN1_NEG_INTEGER;
if ((*p == 0xff) && (len != 1)) {
@@
-301,7
+306,8
@@
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
goto err;
}
to=s;
goto err;
}
to=s;
- ret->type=V_ASN1_INTEGER;
+ ret->type=V_ASN1_INTEGER;
+ if(len) {
if ((*p == 0) && (len != 1))
{
p++;
if ((*p == 0) && (len != 1))
{
p++;
@@
-309,6
+315,7
@@
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
}
memcpy(s,p,(int)len);
p+=len;
}
memcpy(s,p,(int)len);
p+=len;
+ }
if (ret->data != NULL) Free((char *)ret->data);
ret->data=s;
if (ret->data != NULL) Free((char *)ret->data);
ret->data=s;