From 4d4f992826a4962790ecd0cce6fbba4a415ce149 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 26 Mar 2015 18:34:57 +0100
Subject: [PATCH] increased size of LTOSTR_MAX_SIZE to account for sign and null byte
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This address an overflow found by Hanno Böck in DER decoding.
---
 lib/parser_aux.c | 4 ++--
 lib/parser_aux.h | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index d3e9009..da9a388 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void)
 char *
-_asn1_ltostr (long v, char *str)
+_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
 {
 long d, r;
 char temp[LTOSTR_MAX_SIZE];
@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str)
 count++;
 v = d;
 }
- while (v);
+ while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
 for (k = 0; k < count; k++)
 str[k + start] = temp[start + count - k - 1];
diff --git a/lib/parser_aux.h b/lib/parser_aux.h
index 55d9061..437f1c8 100644
--- a/lib/parser_aux.h
+++ b/lib/parser_aux.h
@@ -52,8 +52,9 @@ void _asn1_delete_list (void);
 void _asn1_delete_list_and_nodes (void);
-#define LTOSTR_MAX_SIZE 20
-char *_asn1_ltostr (long v, char *str);
+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
+#define LTOSTR_MAX_SIZE 22
+char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
 asn1_node _asn1_find_up (asn1_node node);
-- 
1.7.2.5
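Review bot: The new parameter form `char str[LTOSTR_MAX_SIZE]` in the `_asn1_ltostr` definition (first lib/parser_aux.c hunk) is adjusted to `char *` by the compiler, so it documents the required buffer size but does not enforce it; a caller that still passes a smaller buffer overflows as before. The patch touches only parser_aux.c and parser_aux.h and changes no call sites, so every caller's destination buffer should be checked to confirm it is declared with `LTOSTR_MAX_SIZE` rather than a literal. If the supported compilers accept C99, `char str[static LTOSTR_MAX_SIZE]` gives them a basis to warn about undersized arguments. The same applies to the prototype in the lib/parser_aux.h hunk, and the body of `_asn1_ltostr` continues outside this hunk.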
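Review bot: The added bound in `while (v && ((start+count) < LTOSTR_MAX_SIZE-1));` (second lib/parser_aux.c hunk) ends the digit loop silently, so if it ever fires the caller gets a truncated number with no error indication. The reversing copy loop that follows suggests digits are produced least-significant first, in which case it is the high-order digits that would be lost. With `LTOSTR_MAX_SIZE` at 22 and a `long` of at most 64 bits the bound should be unreachable, so it is worth marking it as a guard rather than a supported path, e.g. `/* defensive bound; unreachable for a 64-bit long with LTOSTR_MAX_SIZE 22, and would truncate the number if hit */`. The sign handling and the terminator write of `_asn1_ltostr` lie outside this hunk, so they are not checked here against the new size.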
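Review bot: The comment added above `LTOSTR_MAX_SIZE` in lib/parser_aux.h relies on `long` being at most 64 bits, but it does not state that assumption and nothing visible in the hunk checks it. The figure of 20 characters is the unsigned 64-bit maximum, whereas a signed 64-bit value needs at most 19 digits, so 22 is safe with a byte to spare. I would make the assumption explicit, e.g. `/* long is assumed to be at most 64 bits: up to 20 digits + 1 for sign + 1 for null termination */`. A compile-time check on `sizeof (long)` next to the macro would turn a violated assumption into a build failure instead of a buffer overflow in DER decoding.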