~ubuntu-branches/ubuntu/lucid/libtasn1-3/lucid-security


Viewing changes to lib/coding.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-04-02 11:27:53 UTC
  • Revision ID: package-import@ubuntu.com-20150402112753-ek5d5e0lzmg7r3mr
Tags: 2.4-1ubuntu0.3
* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
    lib/parser_aux.h.
  - CVE-2015-2806

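--- a/lib/coding.c
+++ b/lib/coding.c
@@ -35,6 +35,10 @@
 
 #define MAX_TAG_LEN 16
 
+#ifndef MAX
+# define MAX(a,b) ((a) > (b) ? (a) : (b))
+#endif
+
 /******************************************************/
 /* Function : _asn1_error_description_value_not_found */
 /* Description: creates the ErrorDescription string   */
@@ -448,7 +452,7 @@
 {
   ASN1_TYPE p;
   int tag_len, is_tag_implicit;
-  unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
+  unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)];
   unsigned long tag_implicit = 0;
   char tag_der[MAX_TAG_LEN];
 
@@ -874,7 +878,7 @@
                  char *ErrorDescription)
 {
   ASN1_TYPE node, p, p2;
-  char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
+  char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)];
   int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
   asn1_retCode err;
   unsigned char *der = ider;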
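Review bot: The two resized `temp` declarations (new lines 455 and 881) carry no comment saying why `LTOSTR_MAX_SIZE` is a lower bound, so the safety of the fix rests on a contract that is written down only in the changelog. A short comment above each would record it, for example `/* temp is also handed to _asn1_ltostr(); keep it >= LTOSTR_MAX_SIZE */`, so that a later cleanup does not shrink the array back to the `SIZEOF_* * 3 + 1` bound. The calls that consume `temp` lie outside these hunks, so the link to `_asn1_ltostr` is inferred from the commit description rather than from the visible lines; it would be worth confirming that every buffer passed to it in this file is covered. The `MAX` arguments are also written in opposite order in the two declarations, and using one order would make the pattern easier to search for.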