diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-19 14:44:11 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-19 14:44:11 +0200 |
| commit | 1e3bcfeb714d58f15e2779984462d59f062b6bb0 (patch) | |
| tree | 8a8c76b0d27ebec5d400cc4bfba11e22fcf97585 /src/libstrongswan/asn1/asn1.c | |
| parent | d7d349271697bddbf0566e674b10c30e30bf4c52 (diff) | |
| download | strongswan-1e3bcfeb714d58f15e2779984462d59f062b6bb0.tar.bz2 strongswan-1e3bcfeb714d58f15e2779984462d59f062b6bb0.tar.xz | |
Fixed two DoS vulnerabilities in the ASN.1 parser, version bump to 4.2.16
Diffstat (limited to 'src/libstrongswan/asn1/asn1.c')
| -rw-r--r-- | src/libstrongswan/asn1/asn1.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 85695bbea..e45e6cae9 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -261,6 +261,11 @@ u_int asn1_length(chunk_t *blob) len = 256*len + *blob->ptr++; blob->len--; } + if (len > blob->len) + { + DBG2("length is larger than remaining blob size"); + return ASN1_INVALID_LENGTH; + } return len; } @@ -283,14 +288,20 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { int tz_hour, tz_min; - sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min); + if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2) + { + return 0; /* error in positive timezone offset format */ + } tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */ } else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL) { int tz_hour, tz_min; - sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min); + if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2) + { + return 0; /* error in negative timezone offset format */ + } tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */ } else @@ -303,14 +314,20 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": "%4d%2d%2d%2d%2d"; - sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday, - &t.tm_hour, &t.tm_min); + if (sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday, + &t.tm_hour, &t.tm_min) != 5) + { + return 0; /* error in time st [yy]yymmddhhmm time format */ + } } /* is there a seconds field? */ if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14)) { - sscanf(eot-2, "%2d", &t.tm_sec); + if (sscanf(eot-2, "%2d", &t.tm_sec) != 1) + { + return 0; /* error in ss seconds field format */ + } } else { |