aboutsummaryrefslogtreecommitdiffstats
path: root/asn1.c
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2002-02-21 02:05:53 +0000
committerGuy Harris <guy@alum.mit.edu>2002-02-21 02:05:53 +0000
commit20c4601ef8827b356ca48b75d58a980da764ea81 (patch)
tree5497f7c0a2ecdab5795624a523e196393d939513 /asn1.c
parent5f04fd03797d8118897a75b79107fcc3a9f00854 (diff)
Be more paranoid, and check to make sure the length of the string or OID
isn't so large as to cause the end offset to wrap around. svn path=/trunk/; revision=4766
Diffstat (limited to 'asn1.c')
-rw-r--r--asn1.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/asn1.c b/asn1.c
index 1c7c2852ea..4570c0da22 100644
--- a/asn1.c
+++ b/asn1.c
@@ -1,7 +1,7 @@
/* asn1.c
* Routines for ASN.1 BER dissection
*
- * $Id: asn1.c,v 1.9 2002/02/20 22:46:21 guy Exp $
+ * $Id: asn1.c,v 1.10 2002/02/21 02:05:53 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -68,6 +68,8 @@
#include <winsock.h>
#endif
+#include <limits.h>
+
#include <glib.h>
#include <epan/tvbuff.h>
#include "asn1.h"
@@ -649,6 +651,13 @@ asn1_string_value_decode ( ASN1_SCK *asn1, int enc_len, guchar **octets)
eoc = asn1->offset + enc_len;
/*
+ * Check for an overflow, and clamp "eoc" at the maximum if we
+ * get it.
+ */
+ if (eoc < asn1->offset || eoc < 0)
+ eoc = INT_MAX;
+
+ /*
* First, make sure the entire string is in the tvbuff, and throw
* an exception if it isn't. If the length is bogus, this should
* keep us from trying to allocate an immensely large buffer.
@@ -811,6 +820,13 @@ asn1_oid_value_decode ( ASN1_SCK *asn1, int enc_len, subid_t **oid, guint *len)
eoc = asn1->offset + enc_len;
/*
+ * Check for an overflow, and clamp "eoc" at the maximum if we
+ * get it.
+ */
+ if (eoc < asn1->offset || eoc < 0)
+ eoc = INT_MAX;
+
+ /*
* First, make sure the entire string is in the tvbuff, and throw
* an exception if it isn't. If the length is bogus, this should
* keep us from trying to allocate an immensely large buffer.