1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
Description: Fix CVE-2019-17362 based on upstream patch #508
Author: Nicolas Mora <nicolas@babelouest.org>
Forwarded: not-needed
Index: src/pk/asn1/der/utf8/der_decode_utf8_string.c
--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c
+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
@@ -76,7 +76,7 @@
/* count number of bytes */
for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
- if (z > 4 || (x + (z - 1) > inlen)) {
+ if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
return CRYPT_INVALID_PACKET;
}
|
