Chris Wright
ddb2c43594
asn1: additional sanity checking during BER decoding ...
- Don't trust a length which is greater than the working buffer.
An invalid length could cause overflow when calculating buffer size
for decoding oid.
- An oid length of zero is invalid and allows for an off-by-one error when
decoding oid because the first subid actually encodes first 2 subids.
- A primitive encoding may not have an indefinite length.
Thanks to Wei Wang from McAfee for report.
Cc: Steven French <sfrench@us.ibm.com>
Cc: stable@kernel.org
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-06-05 14:24:54 -07:00
2008-05-14 19:23:27 -05:00
2008-04-30 08:29:54 -07:00
2008-05-06 13:45:33 -04:00
2008-04-30 08:29:54 -07:00
2008-02-08 09:22:40 -08:00
2008-05-01 08:04:01 -07:00
2008-05-16 12:01:45 -07:00
2008-04-30 08:29:54 -07:00
2008-06-05 14:24:54 -07:00
2008-04-29 08:06:04 -07:00
2008-04-30 08:29:54 -07:00
2008-04-18 22:16:44 -04:00
2008-04-30 16:52:47 -07:00
2008-04-30 08:29:48 -07:00
2008-05-19 15:37:27 -05:00
2008-05-24 09:56:07 -07:00
2008-04-02 15:28:19 -07:00
2008-04-30 08:29:54 -07:00
2008-04-28 08:58:43 -07:00
2008-05-14 19:11:14 -07:00
2008-05-15 14:43:20 -04:00
2008-04-30 08:29:54 -07:00
2008-04-29 08:06:00 -07:00
2008-05-24 09:56:07 -07:00
2008-05-12 08:57:11 +01:00
2008-04-30 08:29:52 -07:00
2008-05-13 08:02:24 -07:00
2008-02-05 09:44:30 -08:00
2008-02-08 09:22:40 -08:00
2008-05-21 16:55:58 -07:00
2008-04-30 08:29:50 -07:00
2008-04-30 08:29:33 -07:00
2008-05-14 19:11:14 -07:00
2008-05-15 14:46:17 -04:00
2008-05-01 11:15:28 -07:00
2008-04-29 08:06:18 -07:00
2008-04-30 08:29:54 -07:00
2008-04-30 08:29:54 -07:00
2008-04-29 08:06:28 -07:00
2008-05-16 09:43:31 -07:00
2008-05-18 19:13:07 -04:00
2008-05-24 09:56:08 -07:00
2008-05-30 15:15:12 -07:00
2008-04-30 08:29:54 -07:00
2008-05-24 09:56:11 -07:00
2008-04-30 08:29:50 -07:00
2008-04-30 08:29:51 -07:00
2008-03-19 18:53:36 -07:00
2008-04-30 08:29:54 -07:00
2008-05-14 22:34:16 -07:00
2008-04-30 08:29:52 -07:00
2008-05-08 10:48:03 -07:00
2008-05-13 08:02:23 -07:00
2008-04-30 08:29:54 -07:00
2008-05-23 18:12:49 +10:00
2008-04-30 08:29:53 -07:00
2008-05-01 13:08:50 -04:00
2008-04-29 08:06:04 -07:00
2008-04-29 08:06:05 -07:00
2008-05-16 17:23:11 -04:00
2008-04-29 08:06:04 -07:00
2008-04-29 08:06:17 -07:00
2008-04-29 08:06:04 -07:00
2008-04-29 08:06:04 -07:00
2008-04-25 09:23:53 -04:00
2008-05-07 18:35:03 +02:00
2008-02-19 10:04:00 +01:00
2008-04-30 08:29:54 -07:00
2008-04-29 08:06:01 -07:00
2008-04-30 08:29:47 -07:00
2008-05-16 17:23:05 -04:00
2008-04-23 00:04:38 -04:00
2008-02-14 21:17:09 -08:00
2008-02-05 09:44:13 -08:00
2008-05-01 13:08:16 -04:00
2008-05-13 08:02:23 -07:00
2008-04-29 08:06:05 -07:00
2008-05-01 13:08:50 -04:00
2008-05-01 13:08:50 -04:00
2008-05-26 10:37:07 -07:00
2008-05-01 13:08:16 -04:00
2008-05-01 13:08:16 -04:00
2008-05-16 17:22:52 -04:00
2008-04-29 08:06:00 -07:00
2008-05-06 13:13:37 -07:00
2008-04-29 08:06:25 -07:00
2008-04-21 23:11:01 -04:00
2008-04-29 08:06:00 -07:00
2008-04-30 13:38:47 +02:00
2008-04-29 08:06:01 -07:00
2008-02-05 09:44:13 -08:00
2008-05-11 16:04:48 -07:00
2008-04-15 19:35:41 -07:00
2008-03-03 10:47:13 -08:00
2008-05-16 17:23:18 -04:00
2008-04-30 08:29:54 -07:00
2008-02-14 21:13:33 -08:00
2008-05-01 13:08:16 -04:00
2008-05-08 10:46:56 -07:00
2008-04-23 00:05:09 -04:00
2008-04-23 00:05:09 -04:00
2008-04-28 08:58:32 -07:00
2008-04-30 08:29:51 -07:00
2008-04-28 08:58:33 -07:00
2008-04-22 15:17:11 -07:00
2008-05-01 13:08:16 -04:00
2008-04-23 00:04:38 -04:00
2008-05-01 13:08:50 -04:00
2008-05-28 14:49:27 +02:00
2008-02-14 21:13:33 -08:00
2008-04-29 08:06:00 -07:00
2008-04-29 08:06:06 -07:00
2008-05-01 13:08:50 -04:00
2008-05-01 08:03:59 -07:00
2008-04-29 08:06:06 -07:00
ddb2c43594