diff options
author | Sverker Eriksson <sverker@erlang.org> | 2010-02-18 14:59:46 +0000 |
---|---|---|
committer | Erlang/OTP <otp@erlang.org> | 2010-02-18 14:59:46 +0000 |
commit | 3a44b99cc6f14a87242e2dddc57f191f853cfd90 (patch) | |
tree | acb6f863b54412f0b42f998711ba34e45216e665 /lib/asn1/c_src | |
parent | e68da67280480bcd51e1a38372e5671a38082f82 (diff) | |
download | otp-3a44b99cc6f14a87242e2dddc57f191f853cfd90.tar.gz otp-3a44b99cc6f14a87242e2dddc57f191f853cfd90.tar.bz2 otp-3a44b99cc6f14a87242e2dddc57f191f853cfd90.zip |
OTP-8451 Harmless buffer overflow by one byte in asn1 and ram_file_drv.
Diffstat (limited to 'lib/asn1/c_src')
-rw-r--r-- | lib/asn1/c_src/asn1_erl_driver.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/asn1/c_src/asn1_erl_driver.c b/lib/asn1/c_src/asn1_erl_driver.c index cd2e63a363..fd284e5800 100644 --- a/lib/asn1/c_src/asn1_erl_driver.c +++ b/lib/asn1/c_src/asn1_erl_driver.c @@ -1,19 +1,19 @@ /* * %CopyrightBegin% - * - * Copyright Ericsson AB 2002-2009. All Rights Reserved. - * + * + * Copyright Ericsson AB 2002-2010. All Rights Reserved. + * * The contents of this file are subject to the Erlang Public License, * Version 1.1, (the "License"); you may not use this file except in * compliance with the License. You should have received a copy of the * Erlang Public License along with this software. If not, it can be * retrieved online at http://www.erlang.org/. - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See * the License for the specific language governing rights and limitations * under the License. - * + * * %CopyrightEnd% * */ @@ -206,7 +206,11 @@ int asn1_drv_control(ErlDrvData handle, set_port_control_flags(a_data->port, PORT_CONTROL_FLAG_BINARY); if (command == ASN1_COMPLETE) - { /* Do the PER complete encode step */ + { + if (buf_len==0) { + return 0; /* Avoid binary buffer overwrite (OTP-8451) */ + } + /* Do the PER complete encode step */ if ((drv_binary = driver_alloc_binary(buf_len))==NULL) { /* error handling */ set_port_control_flags(a_data->port, 0); |