~ubuntu-branches/ubuntu/lucid/libtasn1-3/lucid-security

Viewing changes to lib/decoding.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-04-02 11:27:53 UTC
  • Revision ID: package-import@ubuntu.com-20150402112753-ek5d5e0lzmg7r3mr
Tags: 2.4-1ubuntu0.3
* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_ltostr
  - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use
    in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c,
    lib/parser_aux.h.
  - CVE-2015-2806

286
286
{
287
287
  int len_len, len, k;
288
288
  int leading;
289
 
  char temp[20];
 
289
  char temp[LTOSTR_MAX_SIZE];
290
290
  unsigned long val, val1, prev_val;
291
291
 
292
292
  *ret_len = 0;
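
Review bot: The declaration `char temp[LTOSTR_MAX_SIZE];` gives no indication of what the constant has to cover, and its definition (in lib/parser_aux.h, per the changelog) is not visible in this hunk, so the fix cannot be confirmed from here. The old `char temp[20];` is one byte short for a 64-bit signed value, whose decimal form can take 20 characters including the sign, plus the terminating NUL. Suggest a one-line comment at the definition stating that the size is the longest decimal rendering of the type passed to `_asn1_ltostr` plus sign and NUL, and ideally a compile-time check tying it to the width of that type, so the bound stays correct on platforms where `long` is wider. It is also worth confirming that no remaining caller in this file still passes a fixed-size buffer declared with a literal.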