leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keyrings fixes

Browse Source 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVzRizPSw1s6N8H32AQLvSg/+OVH7Typvg1nAXLrY1cNG6NmlHgs6frGq
 tFLwl4P/ZZDfxcjZ5qiutlB1H4D2T2jfF0T4IAnFqfTdKayr+dVpM+o2NBcGZIbj
 dNw9JWnZ9W1o4j0Ym7aj/8PTna21ZyEmv/5208d01xn08AbOKi8dJusi9d9cxG4f
 R93Zi2Flg1epA6kEmia0Cmv+BWAoBnYFwN6N38knxOLyIkkOziT1iBseV44NzY0o
 wtG+4MCgv2tmX5dG7O0XjyD3edxxEi8x0qrXrM0aafZFUWn+OCNuSSQPp/RudaH8
 W7DzDJGy1y04roQWIKu16iD/HkAgMb5n/StFMMRLHAS1m42gKpXEwiAoGTdzMV3L
 MEsedkYA+Pe5J9PaUiJnpTNNz3xCS1Vc/yGcX5dGYaSmhXuC5gFQMjgwzWvP8ic2
 IOH1CDEJbA8ZFuEjHYUjxNwu2T/iqN07CG3W/3Zc7K9bKDeuT6M5ATkk4tyzEX/d
 VAolzs6W/5Iw2ZUTsUtv7ajzdP4fNmjV69mGMvUQH8wmnh/eK4U9B9mbHIJEMwWG
 cwQ6Z5RGslr+WKphxA+X3RsyQGYoT8I4u1nnPPMyLp4fbyicnlxSZIms4WrRiENy
 aCSp3ZBLPh2/EAAIs1gLSv/0a7xTS6e62vaLQ72vhDCR0G/G3ANSZLoBvtJGU/Ra
 GDcaU/79WqU=
 =SJAm
 -----END PGP SIGNATURE-----

Merge tag 'keys-fixes-20160512' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull keyring fix from David Howells:
 "Fix ASN.1 indefinite length object parsing"

* tag 'keys-fixes-20160512' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  KEYS: Fix ASN.1 indefinite length object parsing
This commit is contained in:
Linus Torvalds 2016-05-12 13:00:33 -07:00
commit 02c9c0e9b9
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/asn1_decoder.c
View File

@ -74,7 +74,7 @@ next_tag:
/* Extract a tag from the data */
tag = data[dp++];
if (tag == 0) {
if (tag == ASN1_EOC) {
/* It appears to be an EOC. */
if (data[dp++] != 0)
goto invalid_eoc;
@ -96,10 +96,8 @@ next_tag:
/* Extract the length */
len = data[dp++];
if (len <= 0x7f) {
dp += len;
goto next_tag;
}
if (len <= 0x7f)
goto check_length;
if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
/* Indefinite length */
@ -110,14 +108,18 @@ next_tag:
}
n = len - 0x80;
if (unlikely(n > sizeof(size_t) - 1))
if (unlikely(n > sizeof(len) - 1))
goto length_too_long;
if (unlikely(n > datalen - dp))
goto data_overrun_error;
for (len = 0; n > 0; n--) {
len = 0;
for (; n > 0; n--) {
len <<= 8;
len |= data[dp++];
}
check_length:
if (len > datalen - dp)
goto data_overrun_error;
dp += len;
goto next_tag;