diff options
author | Björn Gustavsson <[email protected]> | 2014-09-29 12:55:21 +0200 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2014-09-29 13:19:43 +0200 |
commit | 62bab9a7a2adbe3f1b7960a35d7dab1d7119c639 (patch) | |
tree | c9c5e56c1dd5fc3c8435f816d0fc05f7325f17c6 /lib/asn1/c_src/asn1_erl_nif.c | |
parent | 2397a14d1113bc2d334dee908269cf3b63c46314 (diff) | |
download | otp-62bab9a7a2adbe3f1b7960a35d7dab1d7119c639.tar.gz otp-62bab9a7a2adbe3f1b7960a35d7dab1d7119c639.tar.bz2 otp-62bab9a7a2adbe3f1b7960a35d7dab1d7119c639.zip |
BER decoding: Don't allow primitives with indefinite lengths
According to the BER encoding rules, only constructed values may
have indefinite lengths. A primitive value must be encoded with
a definite length.
Reported-by: Simon Cornish
Diffstat (limited to 'lib/asn1/c_src/asn1_erl_nif.c')
-rw-r--r-- | lib/asn1/c_src/asn1_erl_nif.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/asn1/c_src/asn1_erl_nif.c b/lib/asn1/c_src/asn1_erl_nif.c index 53e3aa1678..317a464060 100644 --- a/lib/asn1/c_src/asn1_erl_nif.c +++ b/lib/asn1/c_src/asn1_erl_nif.c @@ -949,7 +949,7 @@ static int ber_decode_value(ErlNifEnv* env, ERL_NIF_TERM *value, unsigned char * } else if (in_buf[*ib_index] == ASN1_INDEFINITE_LENGTH) { (*ib_index)++; curr_head = enif_make_list(env, 0); - if (*ib_index+1 >= in_buf_len) { + if (*ib_index+1 >= in_buf_len || form == ASN1_PRIMITIVE) { return ASN1_INDEF_LEN_ERROR; } while (!(in_buf[*ib_index] == 0 && in_buf[*ib_index + 1] == 0)) { |