Mercurial > dropbear
diff keyimport.c @ 1307:ad9c40aca3bc
add length checks for ecc too
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 12 Jul 2016 23:28:42 +0800 |
parents | 34e6127ef02e |
children | 8678e2cc1e53 |
line wrap: on
line diff
--- a/keyimport.c Tue Jul 12 23:00:01 2016 +0800 +++ b/keyimport.c Tue Jul 12 23:28:42 2016 +0800 @@ -273,6 +273,11 @@ p++, sourcelen--; } + if (*length < 0) { + printf("Negative ASN.1 length\n"); + return -1; + } + return p - (unsigned char *) source; } @@ -587,7 +592,7 @@ p += ret; if (ret < 0 || id != 16 || len < 0 || key->keyblob+key->keyblob_len-p < len) { - errmsg = "ASN.1 decoding failure - wrong password?"; + errmsg = "ASN.1 decoding failure"; goto error; } @@ -687,7 +692,7 @@ &id, &len, &flags); p += ret; /* id==4 for octet string */ - if (ret < 0 || id != 4 || + if (ret < 0 || id != 4 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -701,7 +706,7 @@ &id, &len, &flags); p += ret; /* id==0 */ - if (ret < 0 || id != 0) { + if (ret < 0 || id != 0 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -710,7 +715,7 @@ &id, &len, &flags); p += ret; /* id==6 for object */ - if (ret < 0 || id != 6 || + if (ret < 0 || id != 6 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -749,7 +754,7 @@ &id, &len, &flags); p += ret; /* id==1 */ - if (ret < 0 || id != 1) { + if (ret < 0 || id != 1 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -758,7 +763,7 @@ &id, &len, &flags); p += ret; /* id==3 for bit string */ - if (ret < 0 || id != 3 || + if (ret < 0 || id != 3 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error;