| From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001 |
| From: werew <werew@ret2libc.com> |
| Date: Thu, 3 Oct 2019 19:57:10 +0200 |
| Subject: [PATCH] Fixes #507 |
| |
| Fix a vulnerability in der_decode_utf8_string as specified here: |
| https://github.com/libtom/libtomcrypt/issues/507 |
| |
| [for import into Buildroot] |
| Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
| |
| |
| --- |
| src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c |
| index 94555b99f..d3ed82bea 100644 |
| --- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c |
| +++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c |
| @@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, |
| /* count number of bytes */ |
| for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); |
| |
| - if (z > 4 || (x + (z - 1) > inlen)) { |
| + if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { |
| return CRYPT_INVALID_PACKET; |
| } |
| |
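Review bot: The added `z == 1` term in the guard has no comment explaining why that value is rejected. The counting loop just above leaves z at 1 exactly when the lead byte has the form 10xxxxxx, a continuation byte where a sequence start is expected, so I would add `/* z == 1: lead byte is a bare continuation byte (10xxxxxx), never a valid sequence start */` above the `if`. Separately, for z == 0 the term `x + (z - 1)` gives the right answer only through unsigned wraparound, and the declarations of `x` and `z` are outside the hunk. Writing the guard as `if (z == 1 || z > 4 || (z > 1 && x + (z - 1) > inlen)) {` would remove that dependency without changing which inputs are accepted. The rest of der_decode_utf8_string, including the continuation-byte loop this guard protects, is outside the hunk, so a regression test that expects CRYPT_INVALID_PACKET for a lead byte of that form would help pin the fix.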