0d81cc8c03
(CVE-2009-0846)
40 lines
1.6 KiB
Diff
40 lines
1.6 KiB
Diff
diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c
|
|
index aa4be32..5f7461d 100644
|
|
--- a/src/lib/krb5/asn.1/asn1_decode.c
|
|
+++ b/src/lib/krb5/asn.1/asn1_decode.c
|
|
@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val)
|
|
|
|
if(length != 15) return ASN1_BAD_LENGTH;
|
|
retval = asn1buf_remove_charstring(buf,15,&s);
|
|
+ if (retval) return retval;
|
|
/* Time encoding: YYYYMMDDhhmmssZ */
|
|
if(s[14] != 'Z') {
|
|
free(s);
|
|
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
|
|
index 0ff9343..1c427d1 100644
|
|
--- a/src/tests/asn.1/krb5_decode_test.c
|
|
+++ b/src/tests/asn.1/krb5_decode_test.c
|
|
@@ -485,6 +485,22 @@ int main(argc, argv)
|
|
ktest_destroy_keyblock(&(ref.subkey));
|
|
ref.seq_number = 0;
|
|
decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
|
|
+
|
|
+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
|
|
+ if (retval) {
|
|
+ com_err("krb5_decode_test", retval, "while parsing");
|
|
+ exit(1);
|
|
+ }
|
|
+ retval = decode_krb5_ap_rep_enc_part(&code, &var);
|
|
+ if (retval != ASN1_OVERRUN) {
|
|
+ printf("ERROR: ");
|
|
+ } else {
|
|
+ printf("OK: ");
|
|
+ }
|
|
+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
|
|
+ krb5_free_data_contents(test_context, &code);
|
|
+ if (var) krb5_free_ap_rep_enc_part(test_context, var);
|
|
+
|
|
ktest_empty_ap_rep_enc_part(&ref);
|
|
}
|
|
|