diff options
| author | Michael Brown | 2016-03-11 17:51:13 +0100 |
|---|---|---|
| committer | Michael Brown | 2016-03-11 17:58:51 +0100 |
| commit | 5a6ed90a00ea8b1070c808e4f7d5da173b2e848f (patch) | |
| tree | 65c60b99af5ea48cd8d81cf13152854d0fdbebff /src/core | |
| parent | [tls] Avoid potential out-of-bound reads in length fields (diff) | |
| download | ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.tar.gz ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.tar.xz ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.zip | |
[crypto] Allow for zero-length ASN.1 cursors
The assumption in asn1_type() that an ASN.1 cursor will always contain
a type byte is incorrect. A cursor that has been cleanly invalidated
via asn1_invalidate_cursor() will contain a type byte, but there are
other ways in which to arrive at a zero-length cursor.
Fix by explicitly checking the cursor length in asn1_type(). This
allows asn1_invalidate_cursor() to be reduced to simply zeroing the
length field.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/core')
0 files changed, 0 insertions, 0 deletions
