diff options
| author |   rob <rob@openbsd.org> | 2019-05-12 20:13:08 +0000 |
|---|---|---|
| committer | rob <rob@openbsd.org> | 2019-05-12 20:13:08 +0000 |
| commit | b0a6858b39f8e578327854cf19f7b001dac0068f (patch) | |
| tree | 98548a4dbd0dddfae54ef774a4302d422898e63c | |
| parent | remove unused STUB definition (diff) | |
| download | wireguard-openbsd-b0a6858b39f8e578327854cf19f7b001dac0068f.tar.xz wireguard-openbsd-b0a6858b39f8e578327854cf19f7b001dac0068f.zip | |
Enforce smallest number of contents octets for int (and enum).
ok claudio@
| -rw-r--r-- | lib/libutil/ber.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index cbb56b57aff..3424a78e0e3 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.4 2019/05/12 18:11:51 rob Exp $ */ +/* $OpenBSD: ber.c,v 1.5 2019/05/12 20:13:08 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1195,7 +1195,7 @@ ber_read_element(struct ber *ber, struct ber_element *elm) unsigned int type; int i, class, cstruct, elements = 0; ssize_t len, r, totlen = 0; - u_char c; + u_char c, last = 0; if ((r = get_id(ber, &type, &class, &cstruct)) == -1) return -1; @@ -1264,8 +1264,15 @@ ber_read_element(struct ber *ber, struct ber_element *elm) for (i = 0; i < len; i++) { if (ber_getc(ber, &c) != 1) return -1; + + /* smallest number of contents octets only */ + if ((i == 1 && last == 0 && (c & 0x80) == 0) || + (i == 1 && last == 0xff && (c & 0x80) != 0)) + return -1; + val <<= 8; val |= c; + last = c; } /* sign extend if MSB is set */ |