kumquat-buildroot/package/libtomcrypt/0001-fix-CVE-2019-17362.patch

30 lines
1.1 KiB
Diff
Raw Normal View History

From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001
From: werew <werew@ret2libc.com>
Date: Thu, 3 Oct 2019 19:57:10 +0200
Subject: [PATCH] Fixes #507
Fix a vulnerability in der_decode_utf8_string as specified here:
https://github.com/libtom/libtomcrypt/issues/507
[for import into Buildroot]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
---
src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
index 94555b99f..d3ed82bea 100644
--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c
+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
/* count number of bytes */
for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
- if (z > 4 || (x + (z - 1) > inlen)) {
+ if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
return CRYPT_INVALID_PACKET;
}