Skip to content

Commit

Permalink
Return error when a bit string indicates an invalid amount of bits left
Browse files Browse the repository at this point in the history
Reviewed-by: Matt Caswell <matt@openssl.org>
  • Loading branch information
kroeckx committed Dec 18, 2014
1 parent fcd9b10 commit 86edf13
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 1 deletion.
7 changes: 6 additions & 1 deletion crypto/asn1/a_bitstr.c
Original file line number Diff line number Diff line change
Expand Up @@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,

p= *pp;
i= *(p++);
if (i > 7)
{
i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
goto err;
}
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
* on output */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */

if (len-- > 1) /* using one because of the bits left byte */
{
Expand Down
1 change: 1 addition & 0 deletions crypto/asn1/asn1.h
Original file line number Diff line number Diff line change
Expand Up @@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 205
Expand Down
1 change: 1 addition & 0 deletions crypto/asn1/asn1_err.c
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
Expand Down

0 comments on commit 86edf13

Please sign in to comment.