From c54a116b266c232d9e0ffad482eb5f8b98130ac4 Mon Sep 17 00:00:00 2001 From: markus <> Date: Tue, 30 Jul 2002 11:08:06 +0000 Subject: apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2 --- src/lib/libcrypto/asn1/asn1_lib.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/lib/libcrypto/asn1/asn1_lib.c') diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c index 830ff2af3c..fd8e77044e 100644 --- a/src/lib/libcrypto/asn1/asn1_lib.c +++ b/src/lib/libcrypto/asn1/asn1_lib.c @@ -123,15 +123,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) > (omax+ *pp)) + if (*plength > (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -158,6 +156,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) i= *p&0x7f; if (*(p++) & 0x80) { + if (i > sizeof(long)) + return 0; if (max-- == 0) return(0); while (i-- > 0) { @@ -169,6 +169,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) else ret=i; } + if (ret < 0) + return 0; *pp=p; *rl=ret; return(1); @@ -406,7 +408,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) void asn1_add_error(unsigned char *address, int offset) { - char buf1[16],buf2[16]; + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset); -- cgit v1.2.3-55-g6feb