diff options
| author | rob <rob@cvs.openbsd.org> | 2019-05-12 18:11:52 +0000 |
|---|---|---|
| committer | rob <rob@cvs.openbsd.org> | 2019-05-12 18:11:52 +0000 |
| commit | 2a03bceaad425dceec26ca3e65f26b2bf6e157fe (patch) | |
| tree | f2cfb4f27d6577e0aa9ab6c450cbe1dc6a6e3064 /lib/libutil | |
| parent | 4050617e76fd2f6209402689c36efbb3d0b7b46d (diff) | |
Fail early if a (universal) primitive type identifies as constructed, or if a
boolean has a contents length other than 1.
ok claudio@
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/ber.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index 2d242f75b53..cbb56b57aff 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.3 2019/05/12 17:50:32 rob Exp $ */ +/* $OpenBSD: ber.c,v 1.4 2019/05/12 18:11:51 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1207,6 +1207,18 @@ ber_read_element(struct ber *ber, struct ber_element *elm) DPRINTF("ber read element size %zd\n", len); totlen += r + len; + /* The encoding of boolean, integer, enumerated, and null values + * must be primitive. */ + if (class == BER_CLASS_UNIVERSAL) + if (type == BER_TYPE_BOOLEAN || + type == BER_TYPE_INTEGER || + type == BER_TYPE_ENUMERATED || + type == BER_TYPE_NULL) + if (cstruct) { + errno = EINVAL; + return -1; + } + /* If the total size of the element is larger than the buffer * don't bother to continue. */ if (len > ber->br_rend - ber->br_rptr) { @@ -1241,6 +1253,10 @@ ber_read_element(struct ber *ber, struct ber_element *elm) case BER_TYPE_EOC: /* End-Of-Content */ break; case BER_TYPE_BOOLEAN: + if (len != 1) { + errno = EINVAL; + return -1; + } case BER_TYPE_INTEGER: case BER_TYPE_ENUMERATED: if (len > (ssize_t)sizeof(long long)) |