diff options
-rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 2 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/asn1buf.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index cbead8c2..38513cc 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,5 +1,7 @@ 2004-08-31 Tom Yu <tlyu@mit.edu> + * asn1buf.c: Fix denial-of-service bug. + * asn1buf.c: * krb5_decode.c: Fix double-free vulnerabilities. diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c index d57cf0f..bcaac68 100644 --- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c @@ -140,6 +140,8 @@ asn1_error_code asn1buf_skiptail(buf, length, indef) return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum, &taglen, &tagindef); if (retval) return retval; |