[erlang-patches] ASN.1 Long Definite Length
Vance Shipley
vances@REDACTED
Sun May 15 03:53:01 CEST 2011
... attached now.
On Sun, May 15, 2011 at 07:19:20AM +0530, Vance Shipley wrote:
} The attached patch adds a test to determine if the calculated length
} has overflowed the size of the variable used to store it.
--
-Vance
-------------- next part --------------
--- lib/asn1/c_src/asn1_erl_driver.c.orig 2011-05-14 13:15:25.000000000 +0530
+++ lib/asn1/c_src/asn1_erl_driver.c 2011-05-14 22:23:11.000000000 +0530
@@ -1300,6 +1300,8 @@
printf("decode_value1:ii=%d.\r\n",*ib_index);
#endif
len = (len << 8) + in_buf[*ib_index];
+ if (len < 0)
+ return ASN1_LEN_ERROR;
}
if (len > (in_buf_len - (*ib_index + 1)))
return ASN1_LEN_ERROR;
More information about the erlang-patches
mailing list