diff -u -r libtasn1-2.14.orig/lib/decoding.c libtasn1-2.14/lib/decoding.c
--- libtasn1-2.14.orig/lib/decoding.c 2012-09-13 01:16:23.000000000 -0500
+++ libtasn1-2.14/lib/decoding.c 2014-06-05 16:42:36.495243018 -0500
@@ -149,7 +149,7 @@
/* Long form */
punt = 1;
ris = 0;
- while (punt <= der_len && der[punt] & 128)
+ while (punt < der_len && der[punt] & 128)
{
last = ris;
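Review bot: With the corrected bound the loop can now exit with `punt == der_len`, so the code after the loop (outside this hunk) must test `punt >= der_len` before it reads `der[punt]` again; please confirm that check is present. The condition also relies on `&` binding tighter than `&&`; writing it as `while (punt < der_len && (der[punt] & 128))` with a short comment such as `/* bound is tested before der[punt] is read */` makes the ordering requirement explicit for the next editor.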
@@ -226,12 +226,11 @@
int *ret_len, unsigned char *str, int str_size,
int *str_len)
{
- int len_len;
+ int len_len = 0;
if (der_len <= 0)
return ASN1_GENERIC_ERROR;
- /* if(str==NULL) return ASN1_SUCCESS; */
*str_len = asn1_get_length_der (der, der_len, &len_len);
if (*str_len < 0)
@@ -239,7 +238,10 @@
*ret_len = *str_len + len_len;
if (str_size >= *str_len)
- memcpy (str, der + len_len, *str_len);
+ {
+ if (*str_len > 0 && str != NULL)
+ memcpy (str, der + len_len, *str_len);
+ }
else
{
return ASN1_MEM_ERROR;
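Review bot: The copy is now guarded on the destination side, but nothing visible bounds the source: `memcpy (str, der + len_len, *str_len)` reads `*str_len` bytes without comparing `*str_len + len_len` with `der_len`. Unless asn1_get_length_der already rejects lengths that run past the input (not visible here), add `if (*str_len > der_len - len_len) return ASN1_DER_ERROR;` before `*ret_len` is assigned. The same gap applies to the copies in the -259 and -358 hunks. In the -285 hunk the separate tests `len > der_len || len_len > der_len` still admit `len_len == der_len`, after which `der[len_len]` is one past the input. The function body starts and ends outside this hunk.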
@@ -259,7 +261,7 @@
if (der_len <= 0 || str == NULL)
return ASN1_DER_ERROR;
str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len < 0 || str_size < str_len)
+ if (str_len <= 0 || str_size < str_len)
return ASN1_DER_ERROR;
memcpy (str, der + len_len, str_len);
str[str_len] = 0;
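Review bot: The length test `str_size < str_len` accepts `str_len == str_size`, and `str[str_len] = 0;` then writes at index `str_size`. That is in bounds only if every caller passes the buffer capacity minus one. If that is the contract, state it at the check with a comment such as `/* str_size excludes the terminator: str must hold str_size + 1 bytes */`; otherwise the test should be `str_size <= str_len`. The function's signature and its callers are outside the hunk.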
@@ -285,7 +287,7 @@
return ASN1_GENERIC_ERROR;
len = asn1_get_length_der (der, der_len, &len_len);
- if (len < 0 || len > der_len || len_len > der_len)
+ if (len <= 0 || len > der_len || len_len > der_len)
return ASN1_DER_ERROR;
val1 = der[len_len] / 40;
@@ -347,7 +349,7 @@
int *ret_len, unsigned char *str, int str_size,
int *bit_len)
{
- int len_len, len_byte;
+ int len_len = 0, len_byte;
if (der_len <= 0)
return ASN1_GENERIC_ERROR;
@@ -358,8 +360,14 @@
*ret_len = len_byte + len_len + 1;
*bit_len = len_byte * 8 - der[len_len];
+ if (*bit_len <= 0)
+ return ASN1_DER_ERROR;
+
if (str_size >= len_byte)
- memcpy (str, der + len_len + 1, len_byte);
+ {
+ if (len_byte > 0 && str)
+ memcpy (str, der + len_len + 1, len_byte);
+ }
else
{
return ASN1_MEM_ERROR;
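Review bot: The added `*bit_len <= 0` test also rejects an empty BIT STRING (`len_byte` 0 with an unused-bits octet of 0), and it does not range-check the unused-bits octet itself: `der[len_len]` can be any byte value while DER allows only 0..7. If callers can handle a zero-length result, consider `if (der[len_len] > 7 || *bit_len < 0) return ASN1_DER_ERROR;`, since the inner `len_byte > 0 && str` guard already skips the copy in that case. `len_byte * 8` is a signed multiplication that overflows for values above INT_MAX / 8; whether `len_byte` is bounded before this point is outside the hunk. Note also that `*ret_len` has already been written when the new error return is taken.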
diff -u -r libtasn1-2.14.orig/lib/element.c libtasn1-2.14/lib/element.c
--- libtasn1-2.14.orig/lib/element.c 2012-09-24 06:51:43.000000000 -0500
+++ libtasn1-2.14/lib/element.c 2014-06-05 16:50:27.290222945 -0500
@@ -112,8 +112,11 @@
/* VALUE_OUT is too short to contain the value conversion */
return ASN1_MEM_ERROR;
- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
- value_out[k2 - k] = val[k2];
+ if (value_out != NULL)
+ {
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
+ }
#if 0
printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
@@ -617,7 +620,8 @@
if (ptr_size < data_size) { \
return ASN1_MEM_ERROR; \
} else { \
- memcpy( ptr, data, data_size); \
+ if (ptr && data_size > 0) \
+ memcpy( ptr, data, data_size); \
}
#define PUT_STR_VALUE( ptr, ptr_size, data) \
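Review bot: The macro parameters are used bare in the new condition `if (ptr && data_size > 0)`, so an argument that is itself an expression would regroup around `&&` and `>`. Prefer `if ((ptr) != NULL && (data_size) > 0)` and parenthesize the arguments in the `memcpy` call as well; the same applies to the `if (ptr)` tests added to the two macros in the next hunk. The macro's opening lines are outside this hunk.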
@@ -626,16 +630,19 @@
return ASN1_MEM_ERROR; \
} else { \
/* this strcpy is checked */ \
- _asn1_strcpy(ptr, data); \
+ if (ptr) { \
+ _asn1_strcpy(ptr, data); \
+ } \
}
#define ADD_STR_VALUE( ptr, ptr_size, data) \
- *len = (int) _asn1_strlen(data) + 1; \
- if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \
+ *len += _asn1_strlen(data); \
+ if (ptr_size < (int) *len) { \
+ (*len)++; \
return ASN1_MEM_ERROR; \
} else { \
/* this strcat is checked */ \
- _asn1_strcat(ptr, data); \
+ if (ptr) _asn1_strcat(ptr, data); \
}
/**
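Review bot: The new bound in ADD_STR_VALUE, `ptr_size < (int) *len`, leaves no room for the terminator. `*len` accumulates string length without the NUL, so when it equals `ptr_size` the check passes and `_asn1_strcat` places the NUL at `ptr[ptr_size]`; the removed check compared against the combined length plus one. Assuming `ptr_size` is the full capacity of `ptr` and `*len` equals the current length of `ptr` on entry, the test should be `if (ptr_size < (int) *len + 1) {`. The macro now reads and updates a `len` variable from the caller's scope, which deserves a comment above the `#define`.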
@@ -792,7 +799,9 @@
case TYPE_OBJECT_ID:
if (node->type & CONST_ASSIGN)
{
- value[0] = 0;
+ *len = 0;
+ if (value)
+ value[0] = 0;
p = node->down;
while (p)
{
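Review bot: `if (value) value[0] = 0;` still writes one byte without consulting the buffer size, so a non-NULL buffer of size 0 would be written out of bounds before the first ADD_STR_VALUE size check runs. Whether callers can pass such a pair is not visible here. If they can, extend the guard to also require a positive size, using the same size argument that is later passed to ADD_STR_VALUE. The enclosing case body continues outside the hunk.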
@@ -806,7 +815,7 @@
}
p = p->right;
}
- *len = _asn1_strlen (value) + 1;
+ (*len)++;
}
else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
{
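Review bot: The bare `(*len)++` replaces the removed `_asn1_strlen (value) + 1` and is the only place on the success path where the terminator is counted, but nothing says so. A comment such as `/* count the terminating NUL; ADD_STR_VALUE only sums string lengths */` would make the accounting auditable against the macro's error path, which performs its own increment.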