From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001 From: werew Date: Thu, 3 Oct 2019 19:57:10 +0200 Subject: [PATCH] Fixes #507 Fix a vulnerability in der_decode_utf8_string as specified here: https://github.com/libtom/libtomcrypt/issues/507 [for import into Buildroot] Signed-off-by: Thomas De Schampheleire --- src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c index 94555b99f..d3ed82bea 100644 --- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c +++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c @@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, /* count number of bytes */ for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); - if (z > 4 || (x + (z - 1) > inlen)) { + if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { return CRYPT_INVALID_PACKET; }