From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 29 Jul 2013 21:45:38 +0000 (+0200)
Subject: asn1: Fix handling of invalid ASN.1 length in is_asn1()
X-Git-Tag: 5.1.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3393c88c1d1f68540a3084fda0a80377ef3c1fc;p=thirdparty%2Fstrongswan.git

asn1: Fix handling of invalid ASN.1 length in is_asn1()

Fixes CVE-2013-5018.
---

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 68f37f4711..d860ad9a2a 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)
 
 	len = asn1_length(&blob);
 
+	if (len == ASN1_INVALID_LENGTH)
+	{
+		return FALSE;
+	}
+
 	/* exact match */
 	if (len == blob.len)
 	{