From 4ecc33dcea23e5fc1ed67d215bbce609b64452ae Mon Sep 17 00:00:00 2001
From: leitner
Date: Wed, 23 Apr 2014 13:40:23 +0000
Subject: [PATCH] catch not enough bytes in input buffer case
---
 scan/scan_asn1derlength.c | 1 +
 test/marshal.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/scan/scan_asn1derlength.c b/scan/scan_asn1derlength.c
index 2e51449..eed503b 100644
--- a/scan/scan_asn1derlength.c
+++ b/scan/scan_asn1derlength.c
@@ -14,6 +14,7 @@ size_t scan_asn1derlengthvalue(const char* src,size_t len,unsigned long long* va
 l=(unsigned char)src[1];
 if (l==0) return 0; /* not minimally encoded: 0x81 0x00 instead of 0x00 */
 if (c>sizeof(l)) return 0; /* too many bytes, does not fit into target integer type */
+ if (c+1>len) return 0; /* not enough data in input buffer */
 for (i=2; i<=c; ++i) l=l*256+(unsigned char)src[i];
 if (l<0x7f) return 0; /* not minimally encoded: 0x81 0x70 instead of 0x70 */
diff --git a/test/marshal.c b/test/marshal.c
index 6d07e98..d8e8d70 100644
--- a/test/marshal.c
+++ b/test/marshal.c
@@ -143,6 +143,7 @@ int main() {
 ull=-1; assert(scan_asn1derlength("\x00_",2,&ull)==1 && ull==0);
 ull=-1; assert(scan_asn1derlengthvalue("\x81\xc2_",3,&ull)==2 && ull==0xc2);
+ ull=-1; assert(scan_asn1derlengthvalue("\x82\x12\x34_",2,&ull)==0 && ull==-1);
 ull=-1; assert(scan_asn1derlengthvalue("\x82\x12\x34_",4,&ull)==3 && ull==0x1234);
 ull=-1; assert(scan_asn1derlengthvalue("\x82\x00\x34_",4,&ull)==0 && ull==-1); // non-minimal encoding
 ull=-1; assert(scan_asn1derlengthvalue("\x81\x12_",3,&ull)==0 && ull==-1); // non-minimal encoding
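Review bot: The added `if (c+1>len) return 0;` in scan/scan_asn1derlength.c sits below `l=(unsigned char)src[1];`, so an input that holds only the long-form length octet (len==1) still has src[1] read before it is rejected. That is a one-byte over-read unless a guard above the hunk already ensures len>=2. The function's opening and closing lines are outside the hunk, so that cannot be confirmed from here. Placing the new check before the `src[1]` read closes the gap and leaves every return value unchanged, since both paths return 0. The test hunk in test/marshal.c only covers len==2 for a three-byte encoding; a len==1 case such as `ull=-1; assert(scan_asn1derlengthvalue("\x81\xc2_",1,&ull)==0 && ull==-1);` would pin the shortest truncated input too.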