AuroraMiddleware/libtomcrypt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix DER decoding of UTF-8 Strings

Browse Source 
Don't read more than the length indicated by the length field.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
This commit is contained in:
Steffen Jaeckel 2023-06-20 16:49:05 +02:00 committed by Jamie Reece Wilson
parent d8d99887b5
commit d463dab6d6
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/pk/asn1/der/utf8/der_decode_utf8_string.c
View File

@ -56,7 +56,8 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
https://tools.ietf.org/html/rfc3629#section-3
*/
for (y = 0; x < inlen; ) {
len += x;
for (y = 0; x < len; ) {
/* read first byte */
tmp = in[x++];
@ -87,7 +88,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
/* now update z so it equals the number of additional bytes to read */
if (z > 0) { --z; }
if (x + z > inlen) {
if (x + z > len) {
return CRYPT_INVALID_PACKET;
}