aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2016-11-24 19:43:20 -0500
committerJay Satiro <raysatiro@yahoo.com>2016-11-24 19:43:20 -0500
commit2127457018d22034cb5ea977db654bd603078fc9 (patch)
treeca63bd39974addac624a35818a68d26b7ff74314 /lib
parent7d967c80bc72a42bce6e995fdcda3a5b544d0621 (diff)
x509asn1: Restore the parameter check in Curl_getASN1Element
- Restore the removed parts of the parameter check. Follow-up to 945f60e which altered the parameter check.
Diffstat (limited to 'lib')
-rw-r--r--lib/x509asn1.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/x509asn1.c b/lib/x509asn1.c
index 96794d77e..acd98e492 100644
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@@ -41,7 +41,7 @@
#include "memdebug.h"
/* For overflow checks. */
-#define CURL_SIZE_T_MAX ((size_t) ~0)
+#define CURL_SIZE_T_MAX ((size_t)-1)
/* ASN.1 OIDs. */
@@ -119,8 +119,8 @@ const char *Curl_getASN1Element(curl_asn1Element *elem,
ending at `end'.
Returns a pointer in source string after the parsed element, or NULL
if an error occurs. */
-
- if(!beg || !end || (size_t) (end - beg) > CURL_ASN1_MAX)
+ if(!beg || !end || beg >= end || !*beg ||
+ (size_t)(end - beg) > CURL_ASN1_MAX)
return (const char *) NULL;
/* Process header byte. */
@@ -155,7 +155,7 @@ const char *Curl_getASN1Element(curl_asn1Element *elem,
elem->end = beg;
return beg + 1;
}
- else if(beg + b > end)
+ else if((unsigned)b > (size_t)(end - beg))
return (const char *) NULL; /* Does not fit in source. */
else {
/* Get long length. */
@@ -166,7 +166,7 @@ const char *Curl_getASN1Element(curl_asn1Element *elem,
len = (len << 8) | (unsigned char) *beg++;
} while(--b);
}
- if((unsigned long) (end - beg) < len)
+ if(len > (size_t)(end - beg))
return (const char *) NULL; /* Element data does not fit in source. */
elem->beg = beg;
elem->end = beg + len;