authorTom Yu <tlyu@mit.edu>2004-08-31 18:55:18 +0000
committerTom Yu <tlyu@mit.edu>2004-08-31 18:55:18 +0000
commit9ebba8f58de27aa03abea9d7695f329d4406fa7f (patch)
tree4a31e8ed6743fe1beb89242278a610316a756b2f /src
parenta37f039625cc1ddf5c66fa43e3534ded461337d3 (diff)
fix MITKRB5-SA-2004-003
Fix for ASN.1 decoder denial-of-service. [MITKRB5-SA-2004-003] ticket: new target_version: 1.3.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16702 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/asn.1/ChangeLog2
-rw-r--r--src/lib/krb5/asn.1/asn1buf.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index fd0bf2daf..e7ea80367 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,5 +1,7 @@
2004-08-31 Tom Yu <tlyu@mit.edu>
+ * asn1buf.c: Fix denial-of-service bug.
+
* asn1buf.c:
* krb5_decode.c: Fix double-free vulnerabilities.
diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c
index 566d41e7b..8baac2424 100644
--- a/src/lib/krb5/asn.1/asn1buf.c
+++ b/src/lib/krb5/asn.1/asn1buf.c
@@ -122,6 +122,8 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const
return ASN1_OVERRUN;
}
while (nestlevel > 0) {
+ if (buf->bound - buf->next + 1 <= 0)
+ return ASN1_OVERRUN;
retval = asn1_get_tag_2(buf, &t);
if (retval) return retval;
if (!t.indef) {
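Review bot: The new guard at the top of the `while (nestlevel > 0)` loop carries no comment saying why an exhausted buffer has to be rejected there, and the remaining-byte expression `buf->bound - buf->next + 1` is open-coded rather than named. Going by the advisory reference this is the loop-termination fix, presumably because `asn1_get_tag_2` can return success without consuming input once the buffer is empty; a comment such as `/* No input left while nestlevel > 0: fail rather than loop without progress. */` would stop a later cleanup from dropping the check as redundant. The subtraction is only meaningful while `buf->next` stays within one past `buf->bound`, and that depends on how the `!t.indef` branch advances `next`, which continues outside the hunk and should be confirmed to bound `t.length` against the same remaining count. A regression test that feeds a truncated indefinite-length encoding and expects `ASN1_OVERRUN` would pin the behaviour.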