author | Tom Yu <tlyu@mit.edu> | 2007-09-13 23:51:32 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2007-09-13 23:51:32 +0000 |
commit | 66edbde71866aa8b4718a04689b37d5c634d1079 (patch) | |
tree | 1f09b90c9f91d96097c1ad9223e2100684a6012c /src | |
parent | 161f397dbcccf6cf824eee00151ea89c12a1436c (diff) | |
In the pkinit decoders, set up things properly so that asn1buf_sync()
behaves correctly and isn't acting on uninitialized variables.
ticket: 5704
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 087c949b76..b495ebf0dc 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -207,8 +207,6 @@
 asn1buf subbuf; \
 int seqindef; \
 int indef; \
- unused_var(taglen); \
- unused_var(construction); \
 retval = asn1_get_sequence(buf, &length, &seqindef); \
 if (retval) return retval; \
 retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \
@@ -1329,6 +1327,22 @@ asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_i
 setup();
 { begin_structure_no_tag();
+ /*
+ * Forbid indefinite encoding because we don't read enough tag
+ * information from the trailing octets ("ANY DEFINED BY") to
+ * synchronize EOC tags, etc.
+ */
+ if (seqindef) return ASN1_BAD_FORMAT;
+ /*
+ * Set up tag variables because we don't actually call anything
+ * that fetches tag info for us; it's all buried in the decoder
+ * primitives.
+ */
+ tagnum = ASN1_TAGNUM_CEILING;
+ asn1class = UNIVERSAL;
+ construction = PRIMITIVE;
+ taglen = 0;
+ indef = 0;
 retval = asn1_decode_oid(&subbuf, &val->algorithm.length, &val->algorithm.data);
 if(retval) return retval;
@@ -1376,7 +1390,12 @@ asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *
 retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data);
 if(retval) return retval;
- val->subjectPublicKey.length = taglen;
+ val->subjectPublicKey.length = taglen;
+ /*
+ * We didn't call any macro that does next_tag(); do so now to
+ * preload tag of any trailing encodings.
+ */
+ next_tag();
 end_structure();
 }
 cleanup(); |
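Review bot: The five assignments after `begin_structure_no_tag()` give the tag variables defined values in this decoder only, so any other decoder that opens a structure with this macro and never runs a tag-fetching macro would still reach asn1buf_sync() with indeterminate `tagnum`/`asn1class`/`indef`; whether such callers exist is not visible in this diff. Defaults are safer at the point of declaration: in the macro touched by the first hunk (its name is outside the hunk), `int indef = 0; \`, and the same treatment for `tagnum`, `asn1class`, `construction` and `taglen` where they are declared, presumably in `setup()`, which the diff does not show. The comment would also be more useful if it said why `ASN1_TAGNUM_CEILING` is the right placeholder for the end-of-structure check. The function body continues past the hunk.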
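Review bot: If `next_tag()` bails out the way the surrounding `if(retval) return retval;` lines do, the new call adds an exit between the `asn1buf_remove_octetstring()` that fills `val->subjectPublicKey.data` and `cleanup()`, so a malformed trailing tag would return with that buffer still attached to `val`. The macro body is outside this diff, so this is inferred from the visible pattern rather than seen. Either confirm that every caller releases `val` on a non-zero return, or record the contract at the call site, e.g. `/* on error val->subjectPublicKey.data stays allocated; caller frees val */`. asn1_decode_subject_pk_info starts above the hunk, so earlier allocations in it may follow the same path.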