Do not return illegal values in asn1_get_bit_der().

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)
diff --git a/lib/decoding.c b/lib/decoding.c

index 7e0ed05..894be79 100644 (file)
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -249,7 +249,7 @@ asn1_get_octet_der (const unsigned char *der, int der_len,
                     int *ret_len, unsigned char *str, int str_size,
                     int *str_len)
  {
-  int len_len;
+  int len_len = 0;
  
    if (der_len <= 0)
      return ASN1_GENERIC_ERROR;
@@ -371,7 +371,7 @@ asn1_get_bit_der (const unsigned char *der, int der_len,
                   int *ret_len, unsigned char *str, int str_size,
                   int *bit_len)
  {
-  int len_len, len_byte;
+  int len_len = 0, len_byte;
  
    if (der_len <= 0)
      return ASN1_GENERIC_ERROR;
@@ -381,6 +381,9 @@ asn1_get_bit_der (const unsigned char *der, int der_len,
  
    *ret_len = len_byte + len_len + 1;
    *bit_len = len_byte * 8 - der[len_len];
+  
+  if (*bit_len <= 0)
+    return ASN1_DER_ERROR;
  
    if (str_size >= len_byte)
      memcpy (str, der + len_len + 1, len_byte);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Fri, 16 May 2014 20:10:08 +0000 (22:10 +0200)