asn1: additional sanity checking during BER decoding (CVE-2008-1673) (ce76a6f4) · Commits · linux-arm / linux-sh

Commit ce76a6f4 authored Jul 14, 2008 by Chris Wright Committed by Adrian Bunk Jul 14, 2008

asn1: additional sanity checking during BER decoding (CVE-2008-1673)



- Don't trust a length which is greater than the working buffer.
  An invalid length could cause overflow when calculating buffer size
  for decoding oid.

- An oid length of zero is invalid and allows for an off-by-one error when
  decoding oid because the first subid actually encodes first 2 subids.

- A primitive encoding may not have an indefinite length.

Thanks to Wei Wang from McAfee for report.

Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Adrian Bunk <bunk@kernel.org>

parent b9954f3d

Hide whitespace changes

Inline Side-by-side

Please register or to comment