asn1: Fix handling of invalid ASN.1 length in is_asn1()
authorTobias Brunner <tobias@strongswan.org>
Mon, 29 Jul 2013 21:45:38 +0000 (23:45 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 31 Jul 2013 20:16:58 +0000 (22:16 +0200)
Fixes CVE-2013-5018.

src/libstrongswan/asn1/asn1.c

index 68f37f4..d860ad9 100644 (file)
@@ -642,6 +642,11 @@ bool is_asn1(chunk_t blob)
 
        len = asn1_length(&blob);
 
+       if (len == ASN1_INVALID_LENGTH)
+       {
+               return FALSE;
+       }
+
        /* exact match */
        if (len == blob.len)
        {
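Review bot: The added guard `if (len == ASN1_INVALID_LENGTH)` has no comment explaining why the sentinel must be rejected before the `len == blob.len` comparison below it, so a later refactor could move or drop it without noticing the security relevance. I would put `/* asn1_length() reports a malformed length as ASN1_INVALID_LENGTH; reject it before len is compared or used as an offset */` directly above the guard. The guard covers only the sentinel value. A parsed length that is valid in form but larger than the remaining `blob.len` still reaches the checks after "exact match", which are outside this hunk, so it is worth confirming that they bound `len` before any access through `blob.ptr`. is_asn1() starts and ends outside the hunk, and no regression test for a malformed or truncated length field is visible on this page.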