lib/util: Allocate enough space to reference blob->data[len]

Found by Thomas Hood <jdthood@gmail.com> using valgrind.

Thanks!

Andrew Bartlett

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index c23bf65b8d57b6d9e03918ca05604f1a2766f604..70637a3e065c48d5063a95d22bea392559f35622 100644 (file)
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -844,7 +844,7 @@ bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLO
                return false;
        }
        *blob = data_blob_talloc(mem_ctx, NULL, len+1);
-       if (!blob->data) {
+       if (!blob->data || blob->length < len) {
                data->has_error = true;
                return false;
        }
@@ -927,8 +927,8 @@ bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB
        }
        if (!asn1_read_uint8(data, padding)) return false;
 
-       *blob = data_blob_talloc(mem_ctx, NULL, len);
-       if (!blob->data) {
+       *blob = data_blob_talloc(mem_ctx, NULL, len+1);
+       if (!blob->data || blob->length < len) {
                data->has_error = true;
                return false;
        }