diff keyimport.c @ 1307:ad9c40aca3bc

add length checks for ecc too
author Matt Johnston <matt@ucc.asn.au>
date Tue, 12 Jul 2016 23:28:42 +0800
parents 34e6127ef02e
children 8678e2cc1e53
line wrap: on
line diff
--- a/keyimport.c	Tue Jul 12 23:00:01 2016 +0800
+++ b/keyimport.c	Tue Jul 12 23:28:42 2016 +0800
@@ -273,6 +273,11 @@
 	p++, sourcelen--;
     }
 
+    if (*length < 0) {
+    	printf("Negative ASN.1 length\n");
+    	return -1;
+    }
+
     return p - (unsigned char *) source;
 }
 
@@ -587,7 +592,7 @@
     p += ret;
     if (ret < 0 || id != 16 || len < 0 ||
         key->keyblob+key->keyblob_len-p < len) {
-		errmsg = "ASN.1 decoding failure - wrong password?";
+		errmsg = "ASN.1 decoding failure";
 	goto error;
     }
 
@@ -687,7 +692,7 @@
 							  &id, &len, &flags);
 		p += ret;
 		/* id==4 for octet string */
-		if (ret < 0 || id != 4 ||
+		if (ret < 0 || id != 4 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
@@ -701,7 +706,7 @@
 							  &id, &len, &flags);
 		p += ret;
 		/* id==0 */
-		if (ret < 0 || id != 0) {
+		if (ret < 0 || id != 0 || len < 0) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
 		}
@@ -710,7 +715,7 @@
 							  &id, &len, &flags);
 		p += ret;
 		/* id==6 for object */
-		if (ret < 0 || id != 6 ||
+		if (ret < 0 || id != 6 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
@@ -749,7 +754,7 @@
 							  &id, &len, &flags);
 		p += ret;
 		/* id==1 */
-		if (ret < 0 || id != 1) {
+		if (ret < 0 || id != 1 || len < 0) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;
 		}
@@ -758,7 +763,7 @@
 							  &id, &len, &flags);
 		p += ret;
 		/* id==3 for bit string */
-		if (ret < 0 || id != 3 ||
+		if (ret < 0 || id != 3 || len < 0 ||
 			key->keyblob+key->keyblob_len-p < len) {
 			errmsg = "ASN.1 decoding failure";
 			goto error;