From be06fd7f499cf90eaa48616118ff56288e88f461 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 27 Sep 2000 03:54:33 +0000
Subject: [PATCH] * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage while checking for EOC encoding. At least the indefinite decoding breaks consistently now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12684 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/asn.1/ChangeLog | 6 ++++++
 src/lib/krb5/asn.1/asn1_get.c | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index a076861ef..e0c1f427f 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,9 @@
+2000-09-26 Tom Yu
+
+ * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage
+ while checking for EOC encoding. At least the indefinite decoding
+ breaks consistently now.
+
 2000-08-07 Ezra Peisach
 
 * asn1_k_decode.c (asn1_decode_last_req_entry): Decode the lr_type
diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c
index 9715b0373..c8a50ad61 100644
--- a/src/lib/krb5/asn.1/asn1_get.c
+++ b/src/lib/krb5/asn.1/asn1_get.c
@@ -43,7 +43,8 @@ asn1_get_tag_indef(buf, class, construction, tagnum, retlen, indef)
 return 0;
 }
 /* Allow for the indefinite encoding */
- if ( !*(buf->next) && !*(buf->next + 1)) {
+ if ((buf->bound - buf->next + 1 >= 2)
+ && !*(buf->next) && !*(buf->next + 1)) {
 buf->next += 2;
 *tagnum = ASN1_TAGNUM_CEILING;
 return 0;
-- 
2.26.2
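Review bot: The new length guard in front of the EOC test, `buf->bound - buf->next + 1 >= 2`, is correct only if `buf->bound` addresses the last valid octet rather than one past it, and nothing in the hunk states that. A one-line comment such as `/* bound is the last valid octet; an EOC needs two octets (00 00) */` would make the off-by-one auditable, and the same test reads more directly as `buf->next < buf->bound`. When fewer than two octets remain, control now falls through to whatever follows this `if`, which lies outside the hunk, so that path presumably needs its own remaining-length check before it reads `*buf->next`. The body of asn1_get_tag_indef starts and ends outside the hunk.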