authorTom Yu <tlyu@mit.edu>2004-08-31 19:18:43 +0000
committerTom Yu <tlyu@mit.edu>2004-08-31 19:18:43 +0000
commit45d43e2320293f1795eab31935fadd435c8fd618 (patch)
tree77c9a81d5c6aeafb477abb0dc35b9a0f08a7d0b1 /src
parent7cca8501d6499a0678ddb0747eefd4daa57ae28b (diff)
pullup from trunk
ticket: 2687 version_fixed: 1.3.5 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-3@16705 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/asn.1/ChangeLog2
-rw-r--r--src/lib/krb5/asn.1/asn1buf.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index d03af53..d1be656 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,5 +1,7 @@
2004-08-31 Tom Yu <tlyu@mit.edu>
+ * asn1buf.c: Fix denial-of-service bug.
+
* asn1buf.c:
* krb5_decode.c: Fix double-free vulnerabilities.
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index 566d41e..8baac24 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -122,6 +122,8 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const
return ASN1_OVERRUN;
}
while (nestlevel > 0) {
+ if (buf->bound - buf->next + 1 <= 0)
+ return ASN1_OVERRUN;
retval = asn1_get_tag_2(buf, &t);
if (retval) return retval;
if (!t.indef) {
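Review bot: The guard added at the top of the `while (nestlevel > 0)` loop carries no comment explaining why an exhausted buffer has to be rejected at this point, so a later cleanup could drop it as redundant with the error check on `asn1_get_tag_2`. The ChangeLog entry calls this a denial-of-service fix, which suggests the tag reader can return success on an empty buffer and leave `nestlevel` unchanged; that is inferred, since `asn1_get_tag_2` is not visible here. I would put `/* Input exhausted while still inside an indefinite-length encoding: fail rather than loop without consuming anything. */` above the `if`. The `+ 1` is only correct if `buf->bound` points at the last valid octet rather than one past it, so the comment should say that too, or the expression should use whatever remaining-length helper the file already has. A regression test that feeds a truncated indefinite-length encoding and expects `ASN1_OVERRUN` would pin the behaviour; the body of `asn1buf_skiptail` begins and ends outside this hunk.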