From 41ab00bedf7259c60555a080219ed68e1afb8a22 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 23 Aug 2002 00:02:11 +0000 Subject: [PATCH 1/1] Reinstate the check for invalid length BIT STRINGS, which was effectively bypassed in the ASN1 changed. --- crypto/asn1/a_bitstr.c | 6 ++++++ crypto/asn1/tasn_dec.c | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index ed0bdfbde1..e0265f69d2 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, unsigned char *p,*s; int i; + if (len < 1) + { + i=ASN1_R_STRING_TOO_SHORT; + goto err; + } + if ((a == NULL) || ((*a) == NULL)) { if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 0fc1f421e2..f87c08793a 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i ctx->ptag = ptag; ctx->hdrlen = p - q; ctx->valid = 1; - /* If definite length, length + header can't exceed total - * amount of data available. + /* If definite length, and no error, length + + * header can't exceed total amount of data available. */ - if(!(i & 1) && ((plen + ctx->hdrlen) > len)) { + if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); asn1_tlc_clear(ctx); return 0; -- 2.34.1