34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
|
From 7e90aed666e809c0db5de9d1816802a7dcea28d9 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Dario Lombardo <lomato@gmail.com>
|
||
|
|
Date: Mon, 24 Jun 2019 23:36:15 +0200
|
||
|
|
Subject: [PATCH] asn1: don't increment a buffer beyond its end.
|
||
|
|
|
||
|
|
Bug: 15870
|
||
|
|
Change-Id: I04cbb822f0e77c8e0ac8513e3a5c13116920ca6e
|
||
|
|
Reviewed-on: https://code.wireshark.org/review/33731
|
||
|
|
Petri-Dish: Anders Broman <a.broman58@gmail.com>
|
||
|
|
Tested-by: Petri Dish Buildbot
|
||
|
|
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
||
|
|
(cherry picked from commit 45a3d0787f3c9f6f5fb5b53a8c29771b3f28e406)
|
||
|
|
Reviewed-on: https://code.wireshark.org/review/33736
|
||
|
|
Petri-Dish: Dario Lombardo <lomato@gmail.com>
|
||
|
|
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
||
|
|
---
|
||
|
|
epan/asn1.c | 3 +++
|
||
|
|
1 file changed, 3 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/epan/asn1.c b/epan/asn1.c
|
||
|
|
index bf30529cc6..1faef845ee 100644
|
||
|
|
--- a/epan/asn1.c
|
||
|
|
+++ b/epan/asn1.c
|
||
|
|
@@ -234,6 +234,9 @@ double asn1_get_real(const guint8 *real_ptr, gint len) {
|
||
|
|
DISSECTOR_ASSERT_NOT_REACHED();
|
||
|
|
}
|
||
|
|
|
||
|
|
+ /* Ensure the buffer len and its content are coherent */
|
||
|
|
+ DISSECTOR_ASSERT(lenE < len - 1);
|
||
|
|
+
|
||
|
|
Eneg = (*p) & 0x80 ? TRUE : FALSE;
|
||
|
|
for (i = 0; i < lenE; i++) {
|
||
|
|
if(Eneg) {
|