Commit bfb2e4b2 authored by Kurt Roeckx's avatar Kurt Roeckx
Browse files

Return error when a bit string indicates an invalid amount of bits left 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent d8c8a718

crypto/asn1/a_bitstr.c

+6 −1
Original line number Diff line number Diff line
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, 


	p= *pp;

	i= *(p++);

	if (i > 7)

		{

		i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;

		goto err;

		}

	/* We do this to preserve the settings.  If we modify

	 * the settings, via the _set_bit function, we will recalculate

	 * on output */

	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */

	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */

	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */



	if (len-- > 1) /* using one because of the bits left byte */

		{

crypto/asn1/asn1.h

+1 −0
Original line number Diff line number Diff line
@@ -1327,6 +1327,7 @@ void ERR_load_ASN1_strings(void); 
#define ASN1_R_ILLEGAL_TIME_VALUE			 184

#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185

#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128

#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220

#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129

#define ASN1_R_INVALID_DIGIT				 130

#define ASN1_R_INVALID_MIME_TYPE			 205

crypto/asn1/asn1_err.c

+1 −0
Original line number Diff line number Diff line
@@ -243,6 +243,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= 
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},

{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},

{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},

{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},

{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},

{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},

{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},