From 5bab480155fa5dfc016c1a8e9829df449c9ea0a5 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 24 Jun 2002 19:20:51 +0000 Subject: [PATCH] * asn1_get.c (asn1_get_length): Check for negative length. [pullup from 1-2-2-branch] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14560 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/asn.1/ChangeLog | 5 +++++ src/lib/krb5/asn.1/asn1_get.c | 2 ++ 2 files changed, 7 insertions(+) diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index e1b6743d0..8dace6e09 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,8 @@ +2002-06-24 Tom Yu + + * asn1_get.c (asn1_get_length): Check for negative length. + [pullup from 1-2-2-branch] + 2002-04-09 Ken Raeburn * asn1buf.c (asn1buf_remove_octetstring, diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c index fc945f115..1652db109 100644 --- a/src/lib/krb5/asn.1/asn1_get.c +++ b/src/lib/krb5/asn.1/asn1_get.c @@ -145,6 +145,8 @@ asn1_error_code asn1_get_length(buf, retlen, indef) if(retval) return retval; len = (len<<8) + (int)o; } + if (len < 0) + return ASN1_OVERRUN; if (indef != NULL && !len) *indef = 1; if(retlen != NULL) *retlen = len; -- 2.26.2