Fix DER decoding of UTF-8 Strings

Don't read more than the length indicated by the length field.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
This commit is contained in:
Steffen Jaeckel 2023-06-20 16:49:05 +02:00 committed by Jamie Reece Wilson
parent d8d99887b5
commit d463dab6d6

View File

@ -56,7 +56,8 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
https://tools.ietf.org/html/rfc3629#section-3 https://tools.ietf.org/html/rfc3629#section-3
*/ */
for (y = 0; x < inlen; ) { len += x;
for (y = 0; x < len; ) {
/* read first byte */ /* read first byte */
tmp = in[x++]; tmp = in[x++];
@ -87,7 +88,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
/* now update z so it equals the number of additional bytes to read */ /* now update z so it equals the number of additional bytes to read */
if (z > 0) { --z; } if (z > 0) { --z; }
if (x + z > inlen) { if (x + z > len) {
return CRYPT_INVALID_PACKET; return CRYPT_INVALID_PACKET;
} }