diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2016-11-24 19:43:20 -0500 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2016-11-24 19:43:20 -0500 |
| commit | 2127457018d22034cb5ea977db654bd603078fc9 (patch) | |
| tree | ca63bd39974addac624a35818a68d26b7ff74314 /lib/x509asn1.c | |
| parent | 7d967c80bc72a42bce6e995fdcda3a5b544d0621 (diff) | |
| download | gnurl-2127457018d22034cb5ea977db654bd603078fc9.tar.gz gnurl-2127457018d22034cb5ea977db654bd603078fc9.tar.bz2 gnurl-2127457018d22034cb5ea977db654bd603078fc9.zip | |
x509asn1: Restore the parameter check in Curl_getASN1Element
- Restore the removed parts of the parameter check.
Follow-up to 945f60e which altered the parameter check.
Diffstat (limited to 'lib/x509asn1.c')
| -rw-r--r-- | lib/x509asn1.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/x509asn1.c b/lib/x509asn1.c index 96794d77e..acd98e492 100644 --- a/lib/x509asn1.c +++ b/lib/x509asn1.c @@ -41,7 +41,7 @@ #include "memdebug.h" /* For overflow checks. */ -#define CURL_SIZE_T_MAX ((size_t) ~0) +#define CURL_SIZE_T_MAX ((size_t)-1) /* ASN.1 OIDs. */ @@ -119,8 +119,8 @@ const char *Curl_getASN1Element(curl_asn1Element *elem, ending at `end'. Returns a pointer in source string after the parsed element, or NULL if an error occurs. */ - - if(!beg || !end || (size_t) (end - beg) > CURL_ASN1_MAX) + if(!beg || !end || beg >= end || !*beg || + (size_t)(end - beg) > CURL_ASN1_MAX) return (const char *) NULL; /* Process header byte. */ @@ -155,7 +155,7 @@ const char *Curl_getASN1Element(curl_asn1Element *elem, elem->end = beg; return beg + 1; } - else if(beg + b > end) + else if((unsigned)b > (size_t)(end - beg)) return (const char *) NULL; /* Does not fit in source. */ else { /* Get long length. */ @@ -166,7 +166,7 @@ const char *Curl_getASN1Element(curl_asn1Element *elem, len = (len << 8) | (unsigned char) *beg++; } while(--b); } - if((unsigned long) (end - beg) < len) + if(len > (size_t)(end - beg)) return (const char *) NULL; /* Element data does not fit in source. */ elem->beg = beg; elem->end = beg + len; |