From: Tom Yu Date: Wed, 27 Sep 2000 03:54:33 +0000 (+0000) Subject: * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage X-Git-Tag: krb5-1.3-alpha1~1875 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=be06fd7f499cf90eaa48616118ff56288e88f461;p=krb5.git * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage while checking for EOC encoding. At least the indefinite decoding breaks consistently now. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12684 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index a076861ef..e0c1f427f 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,9 @@ +2000-09-26 Tom Yu + + * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage + while checking for EOC encoding. At least the indefinite decoding + breaks consistently now. + 2000-08-07 Ezra Peisach * asn1_k_decode.c (asn1_decode_last_req_entry): Decode the lr_type diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c index 9715b0373..c8a50ad61 100644 --- a/src/lib/krb5/asn.1/asn1_get.c +++ b/src/lib/krb5/asn.1/asn1_get.c @@ -43,7 +43,8 @@ asn1_get_tag_indef(buf, class, construction, tagnum, retlen, indef) return 0; } /* Allow for the indefinite encoding */ - if ( !*(buf->next) && !*(buf->next + 1)) { + if ((buf->bound - buf->next + 1 >= 2) + && !*(buf->next) && !*(buf->next + 1)) { buf->next += 2; *tagnum = ASN1_TAGNUM_CEILING; return 0;