libtasn1/patches/libtasn1-07-cve-2015-3622.patch

Source:
Internal

Info:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3622
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before
4.5 allows remote attackers to cause a denial of service (out-of-bounds heap
read) via a crafted certificate.

Status:
Need to determine if this patch has been sent upstream.

--- ORIGINAL/./lib/decoding.c   2015-07-14 19:00:52.376976336 -0700
+++ libtasn1-2.8/./lib/decoding.c   2015-07-14 19:02:03.790570755 -0700
@@ -758,6 +758,7 @@
     return ASN1_DER_ERROR;

   counter = len3 + 1;
+  DECR_LEN(der_len, len3);

   if (len2 == -1)
     counter_end = der_len - 2;
@@ -766,6 +767,7 @@

   while (counter < counter_end)
     {
+      DECR_LEN(der_len, 1);
       len2 = asn1_get_length_der (der + counter, der_len, &len3);

       if (len2 < -1)
@@ -787,7 +789,6 @@
      DECR_LEN(der_len, len2);
    }

-      DECR_LEN(der_len, 1);
       counter += len2 + len3 + 1;
     }