asn1: Fix handling of invalid ASN.1 length in is_asn1()

Fixes CVE-2013-5018.
author: Tobias Brunner <tobias@strongswan.org> 2013-07-29 23:45:38 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2013-07-31 22:16:58 +0200
commit: b3393c88c1d1f68540a3084fda0a80377ef3c1fc (patch)
tree: 6f6c204afe9ba24d0e3dc8409c4a149d5e631179
parent: cc5bedbb98f97a0adf18482d230f7ddc15d098b3 (diff)
download: strongswan-b3393c88c1d1f68540a3084fda0a80377ef3c1fc.tar.bz2
strongswan-b3393c88c1d1f68540a3084fda0a80377ef3c1fc.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 68f37f471..d860ad9a2 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)
 
 	len = asn1_length(&blob);
 
+	if (len == ASN1_INVALID_LENGTH)
+	{
+		return FALSE;
+	}
+
 	/* exact match */
 	if (len == blob.len)
 	{
author	Tobias Brunner <tobias@strongswan.org>	2013-07-29 23:45:38 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2013-07-31 22:16:58 +0200
commit	b3393c88c1d1f68540a3084fda0a80377ef3c1fc (patch)
tree	6f6c204afe9ba24d0e3dc8409c4a149d5e631179
parent	cc5bedbb98f97a0adf18482d230f7ddc15d098b3 (diff)
download	strongswan-b3393c88c1d1f68540a3084fda0a80377ef3c1fc.tar.bz2 strongswan-b3393c88c1d1f68540a3084fda0a80377ef3c1fc.tar.xz