Overview
| Comment: | Fixed issue with NULL tags found with AFL fuzzing |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | 74d7607e3c424610f674dd55ccecfc73aca21985 |
| User & Date: | rkeene on 2015-07-24 15:10:49 |
| Other Links: | manifest | tags |
Context
|
2015-07-24
| ||
| 15:11 | Better cleanup now that we exclude some bytes in debug printing buffer check-in: 75b2699549 user: rkeene tags: trunk | |
| 15:10 | Fixed issue with NULL tags found with AFL fuzzing check-in: 74d7607e3c user: rkeene tags: trunk | |
| 04:11 | Further failure to free on error repaired and start of AFL testing code added. check-in: 8299a1c4f7 user: rkeene tags: trunk | |
Changes
Modified asn1-x509.c from [f9aa197383] to [6a950ab433].
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
..
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
} buf_p = buf; outbuf->tag = *buf_p; buf_p++; buflen--; if (buflen == 0) { return(-1); } /* NULL Tag -- no size is required */ if (outbuf->tag == 0x00) { return(_asn1_x509_read_asn1_object(buf_p, buflen, args)); } small_object_size = *buf_p; buf_p++; buflen--; if (buflen == 0) { return(-1); } ................................................................................ for (small_object_size ^= 0x80; small_object_size; small_object_size--) { outbuf->size <<= 8; outbuf->size += *buf_p; buf_p++; buflen--; if (buflen == 0) { break; } } } else { outbuf->size = small_object_size; } if (outbuf->size > buflen) { return(-1); } outbuf->contents = buf_p; outbuf->asn1rep_len = outbuf->size + (buf_p - buf); outbuf->asn1rep = buf; buf_p += outbuf->size; buflen -= outbuf->size; return(_asn1_x509_read_asn1_object(buf_p, buflen, args)); |
<
<
<
>
>
>
>
>
>
>
>
>
>
|
>
>
|
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
..
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
}
buf_p = buf;
outbuf->tag = *buf_p;
buf_p++;
buflen--;
/* NULL Tag -- no size is required */
if (outbuf->tag == 0x00) {
outbuf->size = 0;
outbuf->asn1rep_len = 1;
outbuf->asn1rep = buf;
return(_asn1_x509_read_asn1_object(buf_p, buflen, args));
}
if (buflen == 0) {
return(-1);
}
small_object_size = *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
return(-1);
}
................................................................................
for (small_object_size ^= 0x80; small_object_size; small_object_size--) {
outbuf->size <<= 8;
outbuf->size += *buf_p;
buf_p++;
buflen--;
if (buflen == 0) {
break;
}
}
} else {
outbuf->size = small_object_size;
}
if (outbuf->size > buflen) {
return(-1);
}
if (buflen != 0) {
outbuf->contents = buf_p;
}
outbuf->asn1rep_len = outbuf->size + (buf_p - buf);
outbuf->asn1rep = buf;
buf_p += outbuf->size;
buflen -= outbuf->size;
return(_asn1_x509_read_asn1_object(buf_p, buflen, args));
|