diff options
| author | Michael Brown | 2016-03-11 17:51:13 +0100 |
|---|---|---|
| committer | Michael Brown | 2016-03-11 17:58:51 +0100 |
| commit | 5a6ed90a00ea8b1070c808e4f7d5da173b2e848f (patch) | |
| tree | 65c60b99af5ea48cd8d81cf13152854d0fdbebff /src/crypto | |
| parent | [tls] Avoid potential out-of-bound reads in length fields (diff) | |
| download | ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.tar.gz ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.tar.xz ipxe-5a6ed90a00ea8b1070c808e4f7d5da173b2e848f.zip | |
[crypto] Allow for zero-length ASN.1 cursors
The assumption in asn1_type() that an ASN.1 cursor will always contain
a type byte is incorrect. A cursor that has been cleanly invalidated
via asn1_invalidate_cursor() will contain a type byte, but there are
other ways in which to arrive at a zero-length cursor.
Fix by explicitly checking the cursor length in asn1_type(). This
allows asn1_invalidate_cursor() to be reduced to simply zeroing the
length field.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/asn1.c | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c index aca12bf3..9c71ffe1 100644 --- a/src/crypto/asn1.c +++ b/src/crypto/asn1.c @@ -82,18 +82,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); __einfo_uniqify ( EINFO_ENOTTY, 0x01, "Inappropriate algorithm" ) /** - * Invalidate ASN.1 object cursor - * - * @v cursor ASN.1 object cursor - */ -void asn1_invalidate_cursor ( struct asn1_cursor *cursor ) { - static uint8_t asn1_invalid_object[] = { ASN1_END, 0 }; - - cursor->data = asn1_invalid_object; - cursor->len = 0; -} - -/** * Start parsing ASN.1 object * * @v cursor ASN.1 object cursor |