From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 11 May 2012 14:05:55 +0000 (+0200)
Subject: Don't use chunk_skip() in asn1_length().
X-Git-Tag: 5.0.0~158
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8120632ae302fe1e12eeec9baf1a70d33456ca8;p=thirdparty%2Fstrongswan.git

Don't use chunk_skip() in asn1_length().

chunk_skip() returns chunk_empty if the length of the chunk is equal to
the number of bytes to skip, this is problematic as asn1_length() modifies
the original chunk.  asn1_parser_t for instance uses the modified chunk to
later calculate the length of the resulting ASN.1 object which produces
incorrect results if it is based on chunk_empty.
---

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 4cb38d1266..8adab85805 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -228,7 +228,8 @@ size_t asn1_length(chunk_t *blob)
 
 	/* read length field, skip tag and length */
 	n = blob->ptr[1];
-	*blob = chunk_skip(*blob, 2);
+	blob->ptr += 2;
+	blob->len -= 2;
 
 	if ((n & 0x80) == 0)
 	{	/* single length octet */