Sophie

Sophie

distrib > Mageia > 6 > armv5tl > by-pkgid > 5cbce8b650d1ed38b79175c5d88bfcdd > files > 6

libcryptopp-5.6.5-3.mga6.src.rpm

Index: libcryptopp-5.6.3/asn.cpp
===================================================================
--- libcryptopp-5.6.3/asn.cpp
+++ libcryptopp-5.6.3/asn.cpp	2016-12-16 11:09:07.162829496 -0500
@@ -123,6 +123,8 @@
 	size_t bc;
 	if (!BERLengthDecode(bt, bc))
 		BERDecodeError();
+	if (bc > bt.MaxRetrievable())
+		BERDecodeError();
 
 	str.New(bc);
 	if (bc != bt.Get(str, bc))
@@ -139,6 +141,8 @@
 	size_t bc;
 	if (!BERLengthDecode(bt, bc))
 		BERDecodeError();
+	if (bc > bt.MaxRetrievable())
+		BERDecodeError();
 
 	bt.TransferTo(str, bc);
 	return bc;
@@ -161,6 +165,8 @@
 	size_t bc;
 	if (!BERLengthDecode(bt, bc))
 		BERDecodeError();
+	if (bc > bt.MaxRetrievable())
+		BERDecodeError();
 
 	SecByteBlock temp(bc);
 	if (bc != bt.Get(temp, bc))
@@ -188,6 +194,10 @@
 	size_t bc;
 	if (!BERLengthDecode(bt, bc))
 		BERDecodeError();
+	if (bc == 0)
+		BERDecodeError();
+	if (bc > bt.MaxRetrievable())
+		BERDecodeError();
 
 	byte unused;
 	if (!bt.Get(unused))
Index: libcryptopp-5.6.3/asn.h
===================================================================
--- libcryptopp-5.6.3/asn.h
+++ libcryptopp-5.6.3/asn.h	2016-12-16 11:10:04.338836296 -0500
@@ -352,6 +352,8 @@
 	bool definite = BERLengthDecode(in, bc);
 	if (!definite)
 		BERDecodeError();
+	if (bc > in.MaxRetrievable())
+		BERDecodeError();
 
 	SecByteBlock buf(bc);

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional