Skip to content
This repository has been archived by the owner on Jan 27, 2019. It is now read-only.

Commit

Permalink
asn1: Properly check length in asn1_unwrap()
Browse files Browse the repository at this point in the history 
Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.

Signed-off-by: Daniil Baturin <daniil@baturin.org>
  • Loading branch information
@tobiasbrunner @dmbaturin
tobiasbrunner authored and dmbaturin committed May 8, 2014
1 parent 60eab75 commit 96c4e0c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/libstrongswan/asn1/asn1.c
View file
Expand Up @@ -295,7 +295,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
else
{ /* composite length, determine number of length octets */
len &= 0x7f;
if (len == 0 || len > sizeof(res.len))
if (len == 0 || len > blob->len || len > sizeof(res.len))
{
return ASN1_INVALID;
}
Expand Down

0 comments on commit 96c4e0c

Please sign in to comment.