From 71b3d384cf53a4a7706514e187c0a1bdfebd38d4 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Mon, 19 Oct 2015 14:23:12 +0200
Subject: X509AF: ensure that BER dissector successfully decoded a bit string
 before calling RSA Public Key dissection

Bug: 11612
Change-Id: Ia1279b5991604631241398ab19f0652e36a2114e
Reviewed-on: https://code.wireshark.org/review/11144
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
---
 asn1/x509af/x509af.cnf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'asn1/x509af/x509af.cnf')

diff --git a/asn1/x509af/x509af.cnf b/asn1/x509af/x509af.cnf
index 5058676a27..23ae5c7c62 100644
--- a/asn1/x509af/x509af.cnf
+++ b/asn1/x509af/x509af.cnf
@@ -88,7 +88,7 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 #.END
 
 #.FN_BODY SubjectPublicKeyInfo/subjectPublicKey
-  tvbuff_t *bs_tvb;
+  tvbuff_t *bs_tvb = NULL;
 # proto_tree *subtree;
 
   dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
@@ -96,15 +96,15 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 
   /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
    * The contents of subjectPublicKey are always explicitly tagged. */
-  if (!g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+  if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
     offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
 
 # TODO: PKCS#1 only defines RSA; DH and DSA are from PKIX1Algorithms2008
-# } else if (!g_strcmp0(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
+# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
 #   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
 #   offset += dissect_DSAPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dsa_y);
 #
-# } else if (!g_strcmp0(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
+# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
 #   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
 #   offset += dissect_DHPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dh_y);
 #
-- 
cgit v1.2.3