* asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage
authorTom Yu <tlyu@mit.edu>
Wed, 27 Sep 2000 03:54:33 +0000 (03:54 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 27 Sep 2000 03:54:33 +0000 (03:54 +0000)
while checking for EOC encoding.  At least the indefinite decoding
breaks consistently now.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12684 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/asn.1/ChangeLog
src/lib/krb5/asn.1/asn1_get.c

index a076861ef34fede3dd38c188486d3c7474d768b0..e0c1f427f40565d6d0525c4550727bb0938db3d5 100644 (file)
@@ -1,3 +1,9 @@
+2000-09-26  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage
+       while checking for EOC encoding.  At least the indefinite decoding
+       breaks consistently now.
+
 2000-08-07  Ezra Peisach  <epeisach@mit.edu>
 
        * asn1_k_decode.c (asn1_decode_last_req_entry): Decode the lr_type
index 9715b037397ef9a12bbe4834866d18680f8a407c..c8a50ad6198e8bc624534d3c8a5bcb6f32b2ed30 100644 (file)
@@ -43,7 +43,8 @@ asn1_get_tag_indef(buf, class, construction, tagnum, retlen, indef)
       return 0;
   }
   /* Allow for the indefinite encoding */
-  if ( !*(buf->next) && !*(buf->next + 1)) {
+  if ((buf->bound - buf->next + 1 >= 2)
+      && !*(buf->next) && !*(buf->next + 1)) {
     buf->next += 2;
     *tagnum = ASN1_TAGNUM_CEILING;
     return 0;
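Review bot: The end-of-contents branch at the bottom of this hunk returns success after writing only `*tagnum`, so `class`, `construction`, `retlen` and `indef` keep whatever the caller had in them unless they are assigned earlier in asn1_get_tag_indef, which starts above the hunk. A caller that reads the length or the indefinite flag after a 0 return would then act on uninitialised data, the same class of problem this commit fixes for the buffer read. Before `return 0;` I would add `if (retlen != NULL) *retlen = 0;` and `if (indef != NULL) *indef = 0;`, with the equivalent for the other two outputs. The new bounds test reads as though `buf->bound` points at the last valid octet rather than one past it; if so, a short comment such as `/* bound is inclusive: EOC needs two octets */` would make the `+ 1` easier to verify.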