From 3a44b99cc6f14a87242e2dddc57f191f853cfd90 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Thu, 18 Feb 2010 14:59:46 +0000 Subject: OTP-8451 Harmless buffer overflow by one byte in asn1 and ram_file_drv. --- lib/asn1/c_src/asn1_erl_driver.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'lib/asn1/c_src') diff --git a/lib/asn1/c_src/asn1_erl_driver.c b/lib/asn1/c_src/asn1_erl_driver.c index cd2e63a363..fd284e5800 100644 --- a/lib/asn1/c_src/asn1_erl_driver.c +++ b/lib/asn1/c_src/asn1_erl_driver.c @@ -1,19 +1,19 @@ /* * %CopyrightBegin% - * - * Copyright Ericsson AB 2002-2009. All Rights Reserved. - * + * + * Copyright Ericsson AB 2002-2010. All Rights Reserved. + * * The contents of this file are subject to the Erlang Public License, * Version 1.1, (the "License"); you may not use this file except in * compliance with the License. You should have received a copy of the * Erlang Public License along with this software. If not, it can be * retrieved online at http://www.erlang.org/. - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See * the License for the specific language governing rights and limitations * under the License. - * + * * %CopyrightEnd% * */ @@ -206,7 +206,11 @@ int asn1_drv_control(ErlDrvData handle, set_port_control_flags(a_data->port, PORT_CONTROL_FLAG_BINARY); if (command == ASN1_COMPLETE) - { /* Do the PER complete encode step */ + { + if (buf_len==0) { + return 0; /* Avoid binary buffer overwrite (OTP-8451) */ + } + /* Do the PER complete encode step */ if ((drv_binary = driver_alloc_binary(buf_len))==NULL) { /* error handling */ set_port_control_flags(a_data->port, 0); -- cgit v1.2.3