The Samba-Bugzilla – Attachment 15751 Details for Bug 14238: asn1 problem found in oss-fuzz
[patch] Possible patch for master.
0001-lib-asn1.c-Prevent-ASN1_ENUMERATED-from-wrapping.patch (text/plain), 1.47 KB, created by Jeremy Allison on 2020-01-23 22:13:42 UTC
>From c6c2749fb4305c3a8c97594691fff906dfb4390a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 23 Jan 2020 13:59:18 -0800 >Subject: [PATCH] lib: asn1.c: Prevent ASN1_ENUMERATED from wrapping. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14238 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > lib/util/asn1.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > >diff --git a/lib/util/asn1.c b/lib/util/asn1.c >index 51da5424956..6ae54d4cf20 100644 >--- a/lib/util/asn1.c >+++ b/lib/util/asn1.c >@@ -1024,9 +1024,10 @@ bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB > return true; > } > >-/* read an integer */ >+/* read a non-negative enumerated value */ > bool asn1_read_enumerated(struct asn1_data *data, int *v) > { >+ unsigned int val_will_wrap = (0xFF << ((sizeof(int)*8)-8)); > *v = 0; > > if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false; >@@ -1035,7 +1036,22 @@ bool asn1_read_enumerated(struct asn1_data *data, int *v) > if (!asn1_read_uint8(data, &b)) { > return false; > } >+ if (*v & val_will_wrap) { >+ /* >+ * There is something already in >+ * the top byte of the int. If we >+ * shift left by 8 it's going to >+ * wrap. Prevent this. >+ */ >+ data->has_error = true; >+ return false; >+ } > *v = (*v << 8) + b; >+ if (*v < 0) { >+ /* ASN1_ENUMERATED can't be -ve. */ >+ data->has_error = true; >+ return false; >+ } > } > return asn1_end_tag(data); > } >-- >2.25.0.341.g760bfbb309-goog >
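Review bot: In the first hunk (@@ -1024,9 +1024,10 @@), the initializer for val_will_wrap shifts the int constant 0xFF left by (sizeof(int)*8)-8 bits, which moves a set bit into the sign bit of a signed int before the result is converted to unsigned int; that left shift is undefined behaviour in C. Make the constant unsigned, for example `0xFFU << ((sizeof(int)*8)-8)`, so the mask is computed entirely in unsigned arithmetic. The new comment says "non-negative enumerated value"; it could also say that values that do not fit in an int are rejected.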
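Review bot: In the second hunk (@@ -1035,7 +1036,22 @@), the top-byte test before `*v = (*v << 8) + b;` does not cover values that have bit 7 of the next byte down set. With a 32-bit int, *v = 0x00800000 passes the `*v & val_will_wrap` check and the shift then overflows a signed int, so the following `if (*v < 0)` test depends on the overflow wrapping to a negative number rather than on defined behaviour. Rejecting before the shift when `*v > (INT_MAX >> 8)` would cover both the wrap and the negative case, since b is a uint8 and the sum then cannot exceed INT_MAX, and it would make the post-shift test unnecessary.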
Flags: dbagnall: review+, jra: ci-passed+