asn1: additional sanity checking during BER decoding - linux

diff options

author	Chris Wright <chrisw@sous-sol.org>	2008-06-04 18:16:33 +0200
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-06-05 23:24:54 +0200
commit	ddb2c43594f22843e9f3153da151deaba1a834c5 (patch)
tree	7eeeca2fa55e9ef45c381b01d9e3ec1b726297c1 /Documentation/SubmittingPatches
parent	Add 'rd' alias to new brd ramdisk driver (diff)
download	linux-ddb2c43594f22843e9f3153da151deaba1a834c5.tar.xz linux-ddb2c43594f22843e9f3153da151deaba1a834c5.zip

asn1: additional sanity checking during BER decoding

- Don't trust a length which is greater than the working buffer. An invalid length could cause overflow when calculating buffer size for decoding oid. - An oid length of zero is invalid and allows for an off-by-one error when decoding oid because the first subid actually encodes first 2 subids. - A primitive encoding may not have an indefinite length. Thanks to Wei Wang from McAfee for report. Cc: Steven French <sfrench@us.ibm.com> Cc: stable@kernel.org Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'Documentation/SubmittingPatches')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: