aboutsummaryrefslogtreecommitdiffstats
path: root/asn1.c
diff options
context:
space:
mode:
authorGerald Combs <gerald@wireshark.org>2004-11-28 04:21:30 +0000
committerGerald Combs <gerald@wireshark.org>2004-11-28 04:21:30 +0000
commita0ad7be1d14c16dfcfb6514cfe60047eb0f6a5fe (patch)
treeaeec97b3cc7c2fffa44d52915ad3ec658a764c06 /asn1.c
parenta95e6e04070900e34910b7cbad9facb35733f49b (diff)
The recent length check added to proto_tree_add_string() revealed a
couple of problems when reading the PROTOS SNMP captures. Check for integer overflows in dissect_snmp_pdu and asn1_null_decode. svn path=/trunk/; revision=12609
Diffstat (limited to 'asn1.c')
-rw-r--r--asn1.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/asn1.c b/asn1.c
index ce734b7ef0..8edd59bcb8 100644
--- a/asn1.c
+++ b/asn1.c
@@ -418,7 +418,17 @@ asn1_eoc_decode (ASN1_SCK *asn1, int eoc)
int
asn1_null_decode ( ASN1_SCK *asn1, int enc_len)
{
+ int start_off = asn1->offset;
+
asn1->offset += enc_len;
+ /*
+ * Check for integer overflows.
+ * XXX - ASN1_ERR_LENGTH_MISMATCH seemed like the most appropriate
+ * error from the ones available. Should we make a new one?
+ */
+ if (asn1->offset < 0 || asn1->offset < start_off)
+ return ASN1_ERR_LENGTH_MISMATCH;
+
return ASN1_ERR_NOERROR;
}