diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_get.c | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index a076861ef..e0c1f427f 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,9 @@ +2000-09-26 Tom Yu <tlyu@mit.edu> + + * asn1_get.c (asn1_get_tag_indef): Fix to not deref random garbage + while checking for EOC encoding. At least the indefinite decoding + breaks consistently now. + 2000-08-07 Ezra Peisach <epeisach@mit.edu> * asn1_k_decode.c (asn1_decode_last_req_entry): Decode the lr_type diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c index 9715b0373..c8a50ad61 100644 --- a/src/lib/krb5/asn.1/asn1_get.c +++ b/src/lib/krb5/asn.1/asn1_get.c @@ -43,7 +43,8 @@ asn1_get_tag_indef(buf, class, construction, tagnum, retlen, indef) return 0; } /* Allow for the indefinite encoding */ - if ( !*(buf->next) && !*(buf->next + 1)) { + if ((buf->bound - buf->next + 1 >= 2) + && !*(buf->next) && !*(buf->next + 1)) { buf->next += 2; *tagnum = ASN1_TAGNUM_CEILING; return 0; |