Fix possible DoS in ASN.1 decoders (CVE-2016-9939)

pull/347/head
Gergely Nagy 2016-12-14 13:19:01 +01:00
parent 20c5824807
commit 3d9181d7bd
2 changed files with 12 additions and 0 deletions

10
asn.cpp

@ -123,6 +123,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str)
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
if (bc > bt.MaxRetrievable())
BERDecodeError();
str.New(bc);
if (bc != bt.Get(str, bc))
@ -139,6 +141,8 @@ size_t BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
if (bc > bt.MaxRetrievable())
BERDecodeError();
bt.TransferTo(str, bc);
return bc;
@ -161,6 +165,8 @@ size_t BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte as
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
if (bc > bt.MaxRetrievable())
BERDecodeError();
SecByteBlock temp(bc);
if (bc != bt.Get(temp, bc))
@ -188,6 +194,10 @@ size_t BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigne
size_t bc;
if (!BERLengthDecode(bt, bc))
BERDecodeError();
if (bc == 0)
BERDecodeError();
if (bc > bt.MaxRetrievable())
BERDecodeError();
byte unused;
if (!bt.Get(unused))
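Review bot: The new `bc > bt.MaxRetrievable()` guard has no comment explaining why it must run before `bc` sizes a buffer, and it is repeated verbatim in five decoders: both BERDecodeOctetString overloads, BERDecodeTextString, BERDecodeBitString in this file, and BERDecodeUnsigned in asn.h. I would add `// Reject a declared length larger than the bytes actually available before bc is used to size a buffer (CVE-2016-9939)` above each check, or move the check into one small helper beside BERLengthDecode so a later decoder cannot omit it. The guard also assumes MaxRetrievable() reports the whole remaining encoding. If a caller supplies a source that buffers data incrementally, a valid object might now be rejected, so that precondition belongs in the function documentation. The commit changes only asn.cpp and asn.h, so a regression test that feeds a truncated encoding with an oversized declared length would pin the behaviour. Every one of these function bodies begins and ends outside the hunks shown.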

2
asn.h

@ -498,6 +498,8 @@ void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
bool definite = BERLengthDecode(in, bc);
if (!definite)
BERDecodeError();
if (bc > in.MaxRetrievable())
BERDecodeError();
SecByteBlock buf(bc);