Reinstate the check for invalid length BIT STRINGS,
authorDr. Stephen Henson <steve@openssl.org>
Fri, 23 Aug 2002 00:02:11 +0000 (00:02 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 23 Aug 2002 00:02:11 +0000 (00:02 +0000)
which was effectively bypassed in the ASN1 changes.

crypto/asn1/a_bitstr.c
crypto/asn1/tasn_dec.c

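--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
        unsigned char *p,*s;
        int i;
 
+       if (len < 1)
+               {
+               i=ASN1_R_STRING_TOO_SHORT;
+               goto err;
+               }
+
        if ((a == NULL) || ((*a) == NULL))
                {
                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);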
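Review bot: The new `goto err` under `if (len < 1)` runs before `ret` is assigned anywhere in the visible lines, so whatever the `err` label does with `ret` must be safe when it was never set. Both the declaration of `ret` and the `err` label are outside this hunk; if the error path tests or frees `ret`, confirm the declaration initialises it to NULL. The guard would also read better with its reason stated, for example `/* content must hold at least the leading unused-bits octet */`, assuming the first content octet is consumed as the unused-bits count further down.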
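--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
                        ctx->ptag = ptag;
                        ctx->hdrlen = p - q;
                        ctx->valid = 1;
-                       /* If definite length, length + header can't exceed total
-                        * amount of data available.
+                       /* If definite length, and no error, length +
+                        * header can't exceed total amount of data available. 
                         */
-                       if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+                       if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
                                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
                                asn1_tlc_clear(ctx);
                                return 0;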