Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / ddb2c43594f22843e9f3153da151deaba1a834c5
commitddb2c43594f22843e9f3153da151deaba1a834c5[log] [tgz]
authorChris Wright <chrisw@sous-sol.org>Wed Jun 04 09:16:33 2008 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>Thu Jun 05 14:24:54 2008 -0700
tree7eeeca2fa55e9ef45c381b01d9e3ec1b726297c1
parentefedf51c866130945b5db755cb58670e60205d83 [diff]
asn1: additional sanity checking during BER decoding

- Don't trust a length which is greater than the working buffer.
  An invalid length could cause overflow when calculating buffer size
  for decoding oid.

- An oid length of zero is invalid and allows for an off-by-one error when
  decoding oid because the first subid actually encodes first 2 subids.

- A primitive encoding may not have an indefinite length.

Thanks to Wei Wang from McAfee for report.

Cc: Steven French <sfrench@us.ibm.com>
Cc: stable@kernel.org
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 files changed
tree: 7eeeca2fa55e9ef45c381b01d9e3ec1b726297c1
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. samples/
  15. scripts/
  16. security/
  17. sound/
  18. usr/
  19. virt/
  20. .gitignore
  21. .mailmap
  22. COPYING
  23. CREDITS
  24. Kbuild
  25. MAINTAINERS
  26. Makefile
  27. README
  28. REPORTING-BUGS