forked from Minki/linux
Merge branch 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling fix from James Morris: "Fix by Eric Biggers for the keys subsystem" * 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
This commit is contained in:
commit
d6a2cf07f0
@ -228,7 +228,7 @@ next_op:
|
||||
hdr = 2;
|
||||
|
||||
/* Extract a tag from the data */
|
||||
if (unlikely(dp >= datalen - 1))
|
||||
if (unlikely(datalen - dp < 2))
|
||||
goto data_overrun_error;
|
||||
tag = data[dp++];
|
||||
if (unlikely((tag & 0x1f) == ASN1_LONG_TAG))
|
||||
@ -274,7 +274,7 @@ next_op:
|
||||
int n = len - 0x80;
|
||||
if (unlikely(n > 2))
|
||||
goto length_too_long;
|
||||
if (unlikely(dp >= datalen - n))
|
||||
if (unlikely(n > datalen - dp))
|
||||
goto data_overrun_error;
|
||||
hdr += n;
|
||||
for (len = 0; n > 0; n--) {
|
||||
|
Loading…
Reference in New Issue
Block a user