1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From b91a75fb2a91a1c7c1a068b25ee073f308f2c7ca Mon Sep 17 00:00:00 2001
From: mancha <mancha1@zoho.com>
Date: Mon, 2 Jun 2014
Subject: CVE-2014-3467
This is a backport adaptation for use with GnuTLS 2.8.6.
Relevant upstream commit(s):
-------------------------
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e3
http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda4
---
lib/minitasn1/decoding.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -135,7 +135,7 @@ asn1_get_tag_der (const unsigned char *d
/* Long form */
punt = 1;
ris = 0;
- while (punt <= der_len && der[punt] & 128)
+ while (punt < der_len && der[punt] & 128)
{
int last = ris;
ris = ris * 128 + (der[punt++] & 0x7F);
@@ -245,7 +245,7 @@ _asn1_get_time_der (const unsigned char
if (der_len <= 0 || str == NULL)
return ASN1_DER_ERROR;
str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len < 0 || str_size < str_len)
+ if (str_len <= 0 || str_size < str_len)
return ASN1_DER_ERROR;
memcpy (str, der + len_len, str_len);
str[str_len] = 0;
@@ -273,7 +273,7 @@ _asn1_get_objectid_der (const unsigned c
return ASN1_GENERIC_ERROR;
len = asn1_get_length_der (der, der_len, &len_len);
- if (len < 0 || len > der_len || len_len > der_len)
+ if (len <= 0 || len > der_len || len_len > der_len)
return ASN1_DER_ERROR;
val1 = der[len_len] / 40;
|
