diff options
| author | rob <rob@cvs.openbsd.org> | 2019-05-12 17:42:15 +0000 |
|---|---|---|
| committer | rob <rob@cvs.openbsd.org> | 2019-05-12 17:42:15 +0000 |
| commit | 6aa6288b34529fb6bd2aaeedb184f45ae0e78a16 (patch) | |
| tree | 222288bc1654c71cf4750975a694f3feeac1ca4b /lib/libutil/ber.c | |
| parent | 64f3a271926700f740e5d465c6a4d50dd7f1812d (diff) | |
In long form encoding, explicitly prohibit an initial length octet of 0xff
which is reserved for future use.
ok claudio@
Diffstat (limited to 'lib/libutil/ber.c')
| -rw-r--r-- | lib/libutil/ber.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index d6952515481..de13e4852ce 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.1 2019/05/11 17:46:02 rob Exp $ */ +/* $OpenBSD: ber.c,v 1.2 2019/05/12 17:42:14 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1151,6 +1151,12 @@ get_len(struct ber *b, ssize_t *len) return -1; } + if (u == 0xff) { + /* Reserved for future use. */ + errno = EINVAL; + return -1; + } + n = u & ~BER_TAG_MORE; if (sizeof(ssize_t) < n) { errno = ERANGE; |