Mercurial > dropbear
view libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c @ 404:a588558bfc94
Fix potential null pointer dereference found by Klokwork
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 03 Feb 2007 09:58:14 +0000 |
parents | 1b9e69c058d2 |
children | 0cbe8f6dbf9e |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. * * Tom St Denis, [email protected], http://libtomcrypt.org */ #include "tomcrypt.h" /** @file der_decode_integer.c ASN.1 DER, decode an integer, Tom St Denis */ #ifdef LTC_DER /** Read a mp_int integer @param in The DER encoded data @param inlen Size of DER encoded data @param num The first mp_int to decode @return CRYPT_OK if successful */ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num) { unsigned long x, y, z; int err; LTC_ARGCHK(num != NULL); LTC_ARGCHK(in != NULL); /* min DER INTEGER is 0x02 01 00 == 0 */ if (inlen < (1 + 1 + 1)) { return CRYPT_INVALID_PACKET; } /* ok expect 0x02 when we AND with 0001 1111 [1F] */ x = 0; if ((in[x++] & 0x1F) != 0x02) { return CRYPT_INVALID_PACKET; } /* now decode the len stuff */ z = in[x++]; if ((z & 0x80) == 0x00) { /* short form */ /* will it overflow? */ if (x + z > inlen) { return CRYPT_INVALID_PACKET; } /* no so read it */ if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, z))) != CRYPT_OK) { return err; } } else { /* long form */ z &= 0x7F; /* will number of length bytes overflow? (or > 4) */ if (((x + z) > inlen) || (z > 4) || (z == 0)) { return CRYPT_INVALID_PACKET; } /* now read it in */ y = 0; while (z--) { y = ((unsigned long)(in[x++])) | (y << 8); } /* now will reading y bytes overrun? */ if ((x + y) > inlen) { return CRYPT_INVALID_PACKET; } /* no so read it */ if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, y))) != CRYPT_OK) { return err; } } /* see if it's negative */ if (in[x] & 0x80) { mp_int tmp; if (mp_init(&tmp) != MP_OKAY) { return CRYPT_MEM; } if (mp_2expt(&tmp, mp_count_bits(num)) != MP_OKAY || mp_sub(num, &tmp, num) != MP_OKAY) { mp_clear(&tmp); return CRYPT_MEM; } mp_clear(&tmp); } return CRYPT_OK; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c,v $ */ /* $Revision: 1.2 $ */ /* $Date: 2005/06/01 00:06:05 $ */