The branch, master has been updated
via 2d5b7c9a50d lib: asn1.c: Prevent ASN1_ENUMERATED from wrapping.
from 620987449cc lib/util: use better linux os detection in gpfs
configure
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2d5b7c9a50d1514cf6e5aa3f1cc4f4b5c3c6ff22
Author: Jeremy Allison <[email protected]>
Date: Thu Jan 23 13:59:18 2020 -0800
lib: asn1.c: Prevent ASN1_ENUMERATED from wrapping.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14238
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Douglas Bagnall <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Wed Jan 29 01:02:04 UTC 2020 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
lib/util/asn1.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 51da5424956..6ae54d4cf20 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -1024,9 +1024,10 @@ bool asn1_read_BitString(struct asn1_data *data,
TALLOC_CTX *mem_ctx, DATA_BLOB
return true;
}
-/* read an integer */
+/* read a non-negative enumerated value */
bool asn1_read_enumerated(struct asn1_data *data, int *v)
{
+ unsigned int val_will_wrap = (0xFF << ((sizeof(int)*8)-8));
*v = 0;
if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
@@ -1035,7 +1036,22 @@ bool asn1_read_enumerated(struct asn1_data *data, int *v)
if (!asn1_read_uint8(data, &b)) {
return false;
}
+ if (*v & val_will_wrap) {
+ /*
+ * There is something already in
+ * the top byte of the int. If we
+ * shift left by 8 it's going to
+ * wrap. Prevent this.
+ */
+ data->has_error = true;
+ return false;
+ }
*v = (*v << 8) + b;
+ if (*v < 0) {
+ /* ASN1_ENUMERATED can't be -ve. */
+ data->has_error = true;
+ return false;
+ }
}
return asn1_end_tag(data);
}
--
Samba Shared Repository
