1From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001 2From: werew <werew@ret2libc.com> 3Date: Thu, 3 Oct 2019 19:57:10 +0200 4Subject: [PATCH] Fixes #507 5 6Fix a vulnerability in der_decode_utf8_string as specified here: 7https://github.com/libtom/libtomcrypt/issues/507 8 9[for import into Buildroot] 10Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> 11 12 13--- 14 src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +- 15 1 file changed, 1 insertion(+), 1 deletion(-) 16 17diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c 18index 94555b99f..d3ed82bea 100644 19--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c 20+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c 21@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, 22 /* count number of bytes */ 23 for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); 24 25- if (z > 4 || (x + (z - 1) > inlen)) { 26+ if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { 27 return CRYPT_INVALID_PACKET; 28 } 29 30