pullup to 1.2.x from trunk

author Tom Yu <tlyu@mit.edu>

Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)

committer Tom Yu <tlyu@mit.edu>

Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)
author Tom Yu <tlyu@mit.edu>
Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)
committer Tom Yu <tlyu@mit.edu>
Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog

index cbead8c2f2071a5009f1bdcb0e087829fa3afd65..38513cc543c02671e14d0efd1fecec9222e62d7b 100644 (file)
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,5 +1,7 @@
  2004-08-31  Tom Yu  <tlyu@mit.edu>
  
+       * asn1buf.c: Fix denial-of-service bug.
+
         * asn1buf.c:
         * krb5_decode.c: Fix double-free vulnerabilities.
  
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c

index d57cf0fd73dfc5ffe01d02cc1464b4e4d756ee9f..bcaac68e5fcfc76606ea939df05e94d207f8c368 100644 (file)
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -140,6 +140,8 @@ asn1_error_code asn1buf_skiptail(buf, length, indef)
        return ASN1_OVERRUN;
    }
    while (nestlevel > 0) {
+    if (buf->bound - buf->next + 1 <= 0)
+      return ASN1_OVERRUN;
      retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum,
                                 &taglen, &tagindef);
      if (retval) return retval;
author	Tom Yu <tlyu@mit.edu>
	Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)
committer	Tom Yu <tlyu@mit.edu>
	Tue, 31 Aug 2004 19:44:39 +0000 (19:44 +0000)
src/lib/krb5/asn.1/ChangeLog		patch \| blob \| blame \| history
src/lib/krb5/asn.1/asn1buf.c		patch \| blob \| blame \| history