- Subject: PR/6: tobias: out of boundary read in DER parser
- Origin: FILE5_33-34-g72e9a7fe <https://github.com/file/file/commit/FILE5_33-34-g72e9a7fe>
- Upstream-Author: Christos Zoulas <christos@zoulas.com>
- Date: Sat Jun 23 15:15:26 2018 +0000
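--- a/src/der.c
+++ b/src/der.c
@@ -199,7 +199,7 @@
 for (i = 0; i < digits; i++)
 len = (len << 8) | c[(*p)++];
 
-if (*p + len >= l)
+if (len > UINT32_MAX - *p || *p + len >= l)
 return DER_BAD;
 return CAST(uint32_t, len);
 }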
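Review bot: The added guard `len > UINT32_MAX - *p` is only sound while `*p` itself fits in 32 bits. The declarations are outside the hunk, but if `*p` and `len` are `size_t` on a 64-bit build, the subtraction wraps once `*p` exceeds `UINT32_MAX` and the guard stops bounding `len`. Comparing against the remaining buffer avoids any sum that can wrap and keeps the 32-bit cap explicit for the `CAST(uint32_t, len)` return: `if (len > UINT32_MAX || *p >= l || len >= l - *p) return DER_BAD;`. Separately, the loop above shifts `len` left by 8 once per `digits` byte, so when `digits` is larger than the width of `len` the high-order bytes are silently dropped rather than rejected. A cap such as `if (digits > sizeof(len)) return DER_BAD;` before the loop would make that explicit, assuming no such check already exists in the part of the function not shown here.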