aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libstrongswan/asn1/asn1.c5
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index d57444d67..c8ebd7943 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -296,6 +296,11 @@ size_t asn1_length(chunk_t *blob)
len = 256*len + *blob->ptr++;
blob->len--;
}
+ if (len > blob->len)
+ {
+ DBG2("length is larger than remaining blob size");
+ return ASN1_INVALID_LENGTH;
+ }
return len;
}
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index 4a0fafda7..bc4c0b50f 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -158,7 +158,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
blob1->len = asn1_length(blob);
- if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
+ if (blob1->len == ASN1_INVALID_LENGTH)
{
DBG1("L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 17:30:11 +0000