authorLinus Torvalds <torvalds@linux-foundation.org>2017-11-08 11:21:52 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-11-08 11:21:52 -0800
commitd6a2cf07f0c91e339d2c53f1e1ca6e731af2e72a (patch)
tree191177732b23ff3e4dedac329372349bb6ba46f5
parentf7dc4c9a855a13dbb33294c9fc94f17af03f6291 (diff)
parent624f5ab8720b3371367327a822c267699c1823b8 (diff)
downloadlinux-d6a2cf07f0c91e339d2c53f1e1ca6e731af2e72a.tar.bz2
Merge branch 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling fix from James Morris: "Fix by Eric Biggers for the keys subsystem" * 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
-rw-r--r--lib/asn1_decoder.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c
index fef5d2e114be..1ef0cec38d78 100644
--- a/lib/asn1_decoder.c
+++ b/lib/asn1_decoder.c
@@ -228,7 +228,7 @@ next_op:
hdr = 2;
/* Extract a tag from the data */
- if (unlikely(dp >= datalen - 1))
+ if (unlikely(datalen - dp < 2))
goto data_overrun_error;
tag = data[dp++];
if (unlikely((tag & 0x1f) == ASN1_LONG_TAG))
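Review bot: The new bound `datalen - dp < 2` is only safe while `dp <= datalen` holds on every path that returns to `next_op`, and nothing in the hunk states that invariant. Assuming `dp` and `datalen` are unsigned (their declarations are outside the hunk), a `dp` that ever overshot `datalen` would make the subtraction wrap to a large value and let the tag and length reads go ahead. I would record the invariant beside the check, e.g. `/* dp <= datalen always holds here, so datalen - dp cannot wrap */`. The same reliance applies to `n > datalen - dp` in the second hunk, and the enclosing function begins and ends outside this hunk.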
@@ -274,7 +274,7 @@ next_op:
int n = len - 0x80;
if (unlikely(n > 2))
goto length_too_long;
- if (unlikely(dp >= datalen - n))
+ if (unlikely(n > datalen - dp))
goto data_overrun_error;
hdr += n;
for (len = 0; n > 0; n--) {
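Review bot: `n > datalen - dp` compares the signed `int n` with what is presumably an unsigned difference, so `n` is converted implicitly before the comparison; the declarations of `dp` and `datalen` are outside the hunk. For the values this branch appears to allow that is harmless, but a negative `n` would be rejected only as a side effect of the conversion. Spelling the conversion out, e.g. `if (unlikely((size_t)n > datalen - dp))` with the cast matching the type of `datalen`, or declaring `n` unsigned, would make the intent of the bound visible to the next reader.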