author | Tom Yu <tlyu@mit.edu> | 2004-08-31 19:18:43 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2004-08-31 19:18:43 +0000 |
commit | 45d43e2320293f1795eab31935fadd435c8fd618 (patch) | |
tree | 77c9a81d5c6aeafb477abb0dc35b9a0f08a7d0b1 /src | |
parent | 7cca8501d6499a0678ddb0747eefd4daa57ae28b (diff) | |
pullup from trunk
ticket: 2687
version_fixed: 1.3.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-3@16705 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 2 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/asn1buf.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index d03af53..d1be656 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,5 +1,7 @@
 2004-08-31 Tom Yu <tlyu@mit.edu>
+ * asn1buf.c: Fix denial-of-service bug.
+ * asn1buf.c: * krb5_decode.c: Fix double-free vulnerabilities.
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index 566d41e..8baac24 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -122,6 +122,8 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const
 return ASN1_OVERRUN;
 }
 while (nestlevel > 0) {
+ if (buf->bound - buf->next + 1 <= 0)
+ return ASN1_OVERRUN;
 retval = asn1_get_tag_2(buf, &t);
 if (retval) return retval;
 if (!t.indef) { |
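Review bot: The guard added at the top of the `while (nestlevel > 0)` loop has no comment saying why an exhausted buffer must be rejected there, and the ChangeLog entry only says "Fix denial-of-service bug". Presumably the tag reader does not report an error on an empty buffer, so without the check the loop can keep running with `nestlevel` still above zero; a comment such as `/* No input left but still nested: stop, or the loop never terminates on truncated input. */` would record that for the next maintainer. The condition would also read more directly as `if (buf->next > buf->bound)`, which is equivalent for pointers into the same buffer and avoids the `+ 1` arithmetic. A regression test that feeds a truncated indefinite-length encoding and expects `ASN1_OVERRUN` would keep the fix in place; the body of `asn1buf_skiptail` starts and ends outside the hunk.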