1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
From 4d4f992826a4962790ecd0cce6fbba4a415ce149 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 26 Mar 2015 18:34:57 +0100
Subject: [PATCH] increased size of LTOSTR_MAX_SIZE to account for sign and null byte
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This address an overflow found by Hanno Böck in DER decoding.
---
lib/parser_aux.c | 4 ++--
lib/parser_aux.h | 5 +++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index d3e9009..da9a388 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void)
char *
-_asn1_ltostr (long v, char *str)
+_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
{
long d, r;
char temp[LTOSTR_MAX_SIZE];
@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str)
count++;
v = d;
}
- while (v);
+ while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
for (k = 0; k < count; k++)
str[k + start] = temp[start + count - k - 1];
diff --git a/lib/parser_aux.h b/lib/parser_aux.h
index 55d9061..437f1c8 100644
--- a/lib/parser_aux.h
+++ b/lib/parser_aux.h
@@ -52,8 +52,9 @@ void _asn1_delete_list (void);
void _asn1_delete_list_and_nodes (void);
-#define LTOSTR_MAX_SIZE 20
-char *_asn1_ltostr (long v, char *str);
+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
+#define LTOSTR_MAX_SIZE 22
+char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
asn1_node _asn1_find_up (asn1_node node);
--
1.7.2.5
|