# HG changeset patch # User Matt Johnston # Date 1468337322 -28800 # Node ID ad9c40aca3bcbe49a7876243d35196a08a4f14a7 # Parent 34e6127ef02eb52d1f1f9494b9cbfe89bec0e925 add length checks for ecc too diff -r 34e6127ef02e -r ad9c40aca3bc keyimport.c --- a/keyimport.c Tue Jul 12 23:00:01 2016 +0800 +++ b/keyimport.c Tue Jul 12 23:28:42 2016 +0800 @@ -273,6 +273,11 @@ p++, sourcelen--; } + if (*length < 0) { + printf("Negative ASN.1 length\n"); + return -1; + } + return p - (unsigned char *) source; } @@ -587,7 +592,7 @@ p += ret; if (ret < 0 || id != 16 || len < 0 || key->keyblob+key->keyblob_len-p < len) { - errmsg = "ASN.1 decoding failure - wrong password?"; + errmsg = "ASN.1 decoding failure"; goto error; } @@ -687,7 +692,7 @@ &id, &len, &flags); p += ret; /* id==4 for octet string */ - if (ret < 0 || id != 4 || + if (ret < 0 || id != 4 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -701,7 +706,7 @@ &id, &len, &flags); p += ret; /* id==0 */ - if (ret < 0 || id != 0) { + if (ret < 0 || id != 0 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -710,7 +715,7 @@ &id, &len, &flags); p += ret; /* id==6 for object */ - if (ret < 0 || id != 6 || + if (ret < 0 || id != 6 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error; @@ -749,7 +754,7 @@ &id, &len, &flags); p += ret; /* id==1 */ - if (ret < 0 || id != 1) { + if (ret < 0 || id != 1 || len < 0) { errmsg = "ASN.1 decoding failure"; goto error; } @@ -758,7 +763,7 @@ &id, &len, &flags); p += ret; /* id==3 for bit string */ - if (ret < 0 || id != 3 || + if (ret < 0 || id != 3 || len < 0 || key->keyblob+key->keyblob_len-p < len) { errmsg = "ASN.1 decoding failure"; goto error;