calculation and check overflow against LONG_MAX.
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
Changes between 0.9.6e and 0.9.6f [XX xxx XXXX]
+ *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+ Alon Kantor <alonk@checkpoint.com> (and others),
+ Steve Henson]
+
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
(int)(omax+ *pp));
#endif
(int)(omax+ *pp));
#endif
- if (*plength > (omax - (*pp - p)))
+ if (*plength > (omax - (*p - *pp)))
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
{
ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
/* Set this so that even if things are not long enough
static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
{
unsigned char *p= *pp;
static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
{
unsigned char *p= *pp;
int i;
if (max-- < 1) return(0);
int i;
if (max-- < 1) return(0);