Fix for ASN.1 decoder denial-of-service. [MITKRB5-SA-2004-003]
ticket: new
target_version: 1.3.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16702
dc483132-0cff-0310-8789-
dd5450dbe970
2004-08-31 Tom Yu <tlyu@mit.edu>
+ * asn1buf.c: Fix denial-of-service bug.
+
* asn1buf.c:
* krb5_decode.c: Fix double-free vulnerabilities.
return ASN1_OVERRUN;
}
while (nestlevel > 0) {
+ if (buf->bound - buf->next + 1 <= 0)
+ return ASN1_OVERRUN;
retval = asn1_get_tag_2(buf, &t);
if (retval) return retval;
if (!t.indef) {