asn1: Add overflow check to asn1_write

author Volker Lendecke <vl@samba.org>

Tue, 22 Dec 2015 12:50:54 +0000 (13:50 +0100)

committer Jeremy Allison <jra@samba.org>

Tue, 5 Jan 2016 23:54:17 +0000 (00:54 +0100)
author Volker Lendecke <vl@samba.org>
Tue, 22 Dec 2015 12:50:54 +0000 (13:50 +0100)
committer Jeremy Allison <jra@samba.org>
Tue, 5 Jan 2016 23:54:17 +0000 (00:54 +0100)
diff --git a/lib/util/asn1.c b/lib/util/asn1.c

index 98cd41c47ce012dc773de1ddf8186eb811bbe6ee..6f51820949a2382ef3790b71282042dd368f1920 100644 (file)
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -40,6 +40,12 @@ void asn1_free(struct asn1_data *data)
  bool asn1_write(struct asn1_data *data, const void *p, int len)
  {
         if (data->has_error) return false;
+
+       if ((len < 0) || (data->ofs + (size_t)len < data->ofs)) {
+               data->has_error = true;
+               return false;
+       }
+
         if (data->length < data->ofs+len) {
                 uint8_t *newp;
                 newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
author	Volker Lendecke <vl@samba.org>
	Tue, 22 Dec 2015 12:50:54 +0000 (13:50 +0100)
committer	Jeremy Allison <jra@samba.org>
	Tue, 5 Jan 2016 23:54:17 +0000 (00:54 +0100)