* asn1_get.c (asn1_get_length): Check for negative length.

author Tom Yu <tlyu@mit.edu>

Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)

committer Tom Yu <tlyu@mit.edu>

Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)
author Tom Yu <tlyu@mit.edu>
Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)
committer Tom Yu <tlyu@mit.edu>
Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog

index e1b6743d06a8292e41b0a722bee54e500141a351..8dace6e09f8a3f66810df7d4a7a060448abd7e10 100644 (file)
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+2002-06-24  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_get.c (asn1_get_length): Check for negative length.
+       [pullup from 1-2-2-branch]
+
  2002-04-09  Ken Raeburn  <raeburn@mit.edu>
  
         * asn1buf.c (asn1buf_remove_octetstring,
diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c

index fc945f115e651d5ad0a8a031138b14f31f127b62..1652db109df40649a504bf06ac1f3f274d496f14 100644 (file)
--- a/src/lib/krb5/asn.1/asn1_get.c
+++ b/src/lib/krb5/asn.1/asn1_get.c
@@ -145,6 +145,8 @@ asn1_error_code asn1_get_length(buf, retlen, indef)
        if(retval) return retval;
        len = (len<<8) + (int)o;
      }
+    if (len < 0)
+      return ASN1_OVERRUN;
      if (indef != NULL && !len)
        *indef = 1;
      if(retlen != NULL) *retlen = len;
author	Tom Yu <tlyu@mit.edu>
	Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)
committer	Tom Yu <tlyu@mit.edu>
	Mon, 24 Jun 2002 19:20:51 +0000 (19:20 +0000)
src/lib/krb5/asn.1/ChangeLog		patch \| blob \| history
src/lib/krb5/asn.1/asn1_get.c		patch \| blob \| history