Skip to content
Permalink
Browse files Browse the repository at this point in the history
fixed out of bounds access of ASN.1 Bitstring
Credit to OSS-Fuzz
  • Loading branch information
frankmorgner committed Aug 27, 2019
1 parent 2bfd022 commit 412a614
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/libopensc/asn1.c
Expand Up @@ -570,16 +570,20 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
{
const u8 *in = inbuf;
u8 *out = (u8 *) outbuf;
int zero_bits = *in & 0x07;
size_t octets_left = inlen - 1;
int i, count = 0;
int zero_bits;
size_t octets_left;

memset(outbuf, 0, outlen);
in++;
if (outlen < octets_left)
return SC_ERROR_BUFFER_TOO_SMALL;
if (inlen < 1)
return SC_ERROR_INVALID_ASN1_OBJECT;

zero_bits = *in & 0x07;
octets_left = inlen - 1;
in++;
memset(outbuf, 0, outlen);

while (octets_left) {
/* 1st octet of input: ABCDEFGH, where A is the MSB */
/* 1st octet of output: HGFEDCBA, where A is the LSB */
Expand Down

0 comments on commit 412a614

Please sign in to comment.