Some files with a malformed (malicious?) digital signature cause Decode()
in ASN1.cs to go into an infinite loop,
consuming more and more memory until the process is killed by the kernel
(tested on Linux).

---
 mcs/class/Mono.Security/Mono.Security/ASN1.cs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mcs/class/Mono.Security/Mono.Security/ASN1.cs
b/mcs/class/Mono.Security/Mono.Security/ASN1.cs
index 751a2ece4e6..d350f6fbf14 100644
--- a/mcs/class/Mono.Security/Mono.Security/ASN1.cs
+++ b/mcs/class/Mono.Security/Mono.Security/ASN1.cs
@@ -250,6 +250,11 @@ namespace Mono.Security {
  // sometimes we get trailing 0
  if (nTag == 0)
  continue;
+                if (anPos + nLength > anLength)
+                {
+                    anPos = anLength;
+                    break;
+                }

  ASN1 elm = Add (new ASN1 (nTag, aValue));
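Review bot: The new guard `if (anPos + nLength > anLength)` adds two values that appear to be ints, and `nLength` comes from the encoded length field, so a negative length or one large enough to wrap the sum would pass the test. If the position is later advanced by `nLength` (not visible here), the loop could still fail to make progress on crafted input. Comparing against the remaining space avoids the arithmetic: `if (nLength < 0 || nLength > anLength - anPos) {`. The guard also sits after the `nTag == 0` `continue`, so a zero tag with an oversized length never reaches it, and `aValue` has already been produced by then; both depend on loop code outside this hunk. Stopping silently with `break` means callers cannot tell a truncated structure from a valid one, so a comment saying malformed trailing data is deliberately ignored, or an explicit error, would help.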

-- 
2.11.0