* asn1_get.c (asn1_get_length): Check for negative length.

[pullup from 1-2-2-branch] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14560 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2002-06-24 19:20:51 +0000
committer: Tom Yu <tlyu@mit.edu> 2002-06-24 19:20:51 +0000
commit: 5bab480155fa5dfc016c1a8e9829df449c9ea0a5 (patch)
tree: 7ceb5ac80a7cd21cc09c6d00efb823847155e4d2 /src/lib
parent: 61682d68c205903a38b2f55beb84618ed76574f4 (diff)
2 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index e1b6743d0..8dace6e09 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+2002-06-24  Tom Yu  <tlyu@mit.edu>
+
+	* asn1_get.c (asn1_get_length): Check for negative length.
+	[pullup from 1-2-2-branch]
+
 2002-04-09  Ken Raeburn  <raeburn@mit.edu>
 
 	* asn1buf.c (asn1buf_remove_octetstring,
diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c
index fc945f115..1652db109 100644
--- a/src/lib/krb5/asn.1/asn1_get.c
+++ b/src/lib/krb5/asn.1/asn1_get.c
@@ -145,6 +145,8 @@ asn1_error_code asn1_get_length(buf, retlen, indef)
       if(retval) return retval;
       len = (len<<8) + (int)o;
     }
+    if (len < 0)
+      return ASN1_OVERRUN;
     if (indef != NULL && !len)
       *indef = 1;
     if(retlen != NULL) *retlen = len;
author	Tom Yu <tlyu@mit.edu>	2002-06-24 19:20:51 +0000
committer	Tom Yu <tlyu@mit.edu>	2002-06-24 19:20:51 +0000
commit	5bab480155fa5dfc016c1a8e9829df449c9ea0a5 (patch)
tree	7ceb5ac80a7cd21cc09c6d00efb823847155e4d2 /src/lib
parent	61682d68c205903a38b2f55beb84618ed76574f4 (diff)