Code Review
/
kvmfornfv.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Upgrade to 4.4.50-rt62
[kvmfornfv.git]
/
kernel
/
lib
/
asn1_decoder.c
diff --git
a/kernel/lib/asn1_decoder.c
b/kernel/lib/asn1_decoder.c
index
2b3f46c
..
5545229
100644
(file)
--- a/
kernel/lib/asn1_decoder.c
+++ b/
kernel/lib/asn1_decoder.c
@@
-74,7
+74,7
@@
next_tag:
/* Extract a tag from the data */
tag = data[dp++];
/* Extract a tag from the data */
tag = data[dp++];
- if (tag ==
0
) {
+ if (tag ==
ASN1_EOC
) {
/* It appears to be an EOC. */
if (data[dp++] != 0)
goto invalid_eoc;
/* It appears to be an EOC. */
if (data[dp++] != 0)
goto invalid_eoc;
@@
-96,10
+96,8
@@
next_tag:
/* Extract the length */
len = data[dp++];
/* Extract the length */
len = data[dp++];
- if (len <= 0x7f) {
- dp += len;
- goto next_tag;
- }
+ if (len <= 0x7f)
+ goto check_length;
if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
/* Indefinite length */
if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
/* Indefinite length */
@@
-110,14
+108,18
@@
next_tag:
}
n = len - 0x80;
}
n = len - 0x80;
- if (unlikely(n > sizeof(
size_t
) - 1))
+ if (unlikely(n > sizeof(
len
) - 1))
goto length_too_long;
if (unlikely(n > datalen - dp))
goto data_overrun_error;
goto length_too_long;
if (unlikely(n > datalen - dp))
goto data_overrun_error;
- for (len = 0; n > 0; n--) {
+ len = 0;
+ for (; n > 0; n--) {
len <<= 8;
len |= data[dp++];
}
len <<= 8;
len |= data[dp++];
}
+check_length:
+ if (len > datalen - dp)
+ goto data_overrun_error;
dp += len;
goto next_tag;
dp += len;
goto next_tag;