aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvlm <vlm@59561ff5-6e30-0410-9f3c-9617f08c8826>2008-11-20 05:15:11 +0000
committervlm <vlm@59561ff5-6e30-0410-9f3c-9617f08c8826>2008-11-20 05:15:11 +0000
commitd02b460727f8252825c29e93fb93c67b29f30a62 (patch)
treec37b4031414efb21eb53c541706c36fb5e647624
parent86058b318edb18af6c7b3fd4624800147c66c1f6 (diff)
memory OOB issue on Windows and with non-standard allocators; by Sheng Yu
git-svn-id: https://asn1c.svn.sourceforge.net/svnroot/asn1c/trunk@1407 59561ff5-6e30-0410-9f3c-9617f08c8826
-rw-r--r--ChangeLog5
-rw-r--r--skeletons/INTEGER.c4
2 files changed, 6 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index d5739e3..4e8a038 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
-0.9.22: 2007-Jun-29
+0.9.22: 2008-Nov-19
* Added -pdu=all and -pdu=<type> switches to asn1c.
* Added PER support for most known-multiplier string types:
@@ -18,6 +18,9 @@
* Added DEFAULT handling for known multiplier string.
* Added a sample OMA ULP decoder (./examples/sample.source.ULP).
* Added full-width 32-bit integer encoding support in PER.
+ * Fixed 1-byte OOB write issue with non-standard and Windows
+ memory allocators (Severity: low; Security impact: medium).
+ Reported by Sheng Yu.
0.9.21: 2006-Sep-17
diff --git a/skeletons/INTEGER.c b/skeletons/INTEGER.c
index 54a402b..f016131 100644
--- a/skeletons/INTEGER.c
+++ b/skeletons/INTEGER.c
@@ -868,8 +868,8 @@ asn_ulong2INTEGER(INTEGER_t *st, unsigned long value) {
end = buf + (sizeof(value) + 1);
buf[0] = 0;
- for(b = buf, shr = (sizeof(long)-1)*8; b < end; shr -= 8)
- *(++b) = (uint8_t)(value >> shr);
+ for(b = buf + 1, shr = (sizeof(long)-1)*8; b < end; shr -= 8, b++)
+ *b = (uint8_t)(value >> shr);
if(st->buf) FREEMEM(st->buf);
st->buf = buf;