Add a bit of hardening

author Kurt Zeilenga <kurt@openldap.org>

Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)
diff --git a/libraries/liblber/decode.c b/libraries/liblber/decode.c

index 5459b8d675e7606f0b4274dc9e8f32f34ee8de3b..2d864abae204e51409536f637434770055a0631d 100644 (file)
--- a/libraries/liblber/decode.c
+++ b/libraries/liblber/decode.c
@@ -137,6 +137,11 @@ ber_skip_tag( BerElement *ber, ber_len_t *len )
                 *len = lc;
         }
  
+       /* BER element should have enough data left */
+       if( *len > ber_pvt_ber_remaining( ber ) ) {
+               return LBER_DEFAULT;
+       }
+
         return tag;
  }
  
@@ -252,7 +257,9 @@ ber_get_stringb(
         if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
                 return LBER_DEFAULT;
         }
-       if ( datalen > (*len - 1) ) {
+
+       /* must fit within allocated space with termination */
+       if ( datalen >= *len ) {
                 return LBER_DEFAULT;
         }
  
diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c

index 36e43311047f8ac528121a98f518c67cc82aa127..a446f7f5827363fc3f005467b3ac760c8d1dff0c 100644 (file)
--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -77,7 +77,7 @@ ber_read(
  
         assert( BER_VALID( ber ) );
  
-       nleft = ber->ber_end - ber->ber_ptr;
+       nleft = ber_pvt_ber_remaining( ber );
         actuallen = nleft < len ? nleft : len;
  
         AC_MEMCPY( buf, ber->ber_ptr, actuallen );
author	Kurt Zeilenga <kurt@openldap.org>
	Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Sun, 6 May 2001 19:07:24 +0000 (19:07 +0000)
libraries/liblber/decode.c		patch \| blob \| history
libraries/liblber/io.c		patch \| blob \| history