From 06dab806ce3245f856618a13a262a2e4e4a19e9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 15 Aug 2013 12:24:43 +0200 Subject: [PATCH] Fix memory error in asn1_get_bitstring_null() When *len is 0, **p would be read, which is out of bounds. --- library/asn1parse.c | 2 +- tests/suites/test_suite_x509parse.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index f6b79efd7..9d42f0591 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -220,7 +220,7 @@ int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, if( ( ret = asn1_get_tag( p, end, len, ASN1_BIT_STRING ) ) != 0 ) return( ret ); - if( --*len < 1 || *(*p)++ != 0 ) + if( (*len)-- < 2 || *(*p)++ != 0 ) return( POLARSSL_ERR_ASN1_INVALID_DATA ); return( 0 ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index bf13719b3..a44fc0612 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -520,7 +520,7 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring) x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data) -x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA