From: Martin Willi
Date: Thu, 29 Nov 2012 15:12:45 +0000 (+0100)
Subject: Don't handle PKCS#7 containers with infinite length encodings in pkcs7 plugin
X-Git-Tag: 5.0.2dr4~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71dd4e78954fce85f2891e38e78d38034c443d61;p=thirdparty%2Fstrongswan.git

Don't handle PKCS#7 containers with infinite length encodings in pkcs7 plugin
---
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
index 0a8b1bbd04..13fe5f54ab 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
@@ -114,6 +114,12 @@ pkcs7_t *pkcs7_generic_load(container_type_t type, va_list args)
 }
 if (blob.len)
 {
+ if (blob.len >= 2 &&
+ blob.ptr[0] == ASN1_SEQUENCE && blob.ptr[1] == 0x80)
+ { /* looks like infinite lenght BER encoding, but we can't handle it.
+ * ignore silently, our openssl backend can handle it */
+ return NULL;
+ }
 return parse_contentInfo(blob);
 }
 return NULL;
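Review bot: The new guard in pkcs7_generic_load() looks only at the first two bytes of the blob, so it catches an indefinite-length encoding (`0x80` after `ASN1_SEQUENCE`) on the outermost SEQUENCE only; a container with a definite outer length that nests indefinite-length elements still reaches `parse_contentInfo(blob)`. That parser is outside the hunk, so whether it rejects such nested encodings cleanly cannot be confirmed from here and is worth checking, since the blob is presumably untrusted input. I would state the limit in the comment, e.g. `/* outermost SEQUENCE uses indefinite length BER encoding, which we can't parse; nested cases are left to parse_contentInfo() */`, which also fixes the "lenght" typo. The function body starts and ends outside the hunk.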