[3519] in Kerberos-V5-bugs
[krbdev.mit.edu #1211] CVS Commit
daemon@ATHENA.MIT.EDU (Tom Yu via RT)
Mon Oct 7 22:28:12 2002
Message-Id: <rt-1211-3143.15.5617480137784@krbdev.mit.edu>
In-Reply-To: <rt-1211@krbdev.mit.edu>
From: "Tom Yu via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Mon, 7 Oct 2002 22:27:43 -0400 (EDT)
* asn1_get.c (asn1_get_tag_indef): Stomp on asn1class,
construction, retlen, and indef, even if we've hit the end of the
buffer, to avoid passing uninitialized values around.
* asn1_k_decode.c: Reformat somewhat and add comments to demystify
things a little.
(opt_field): Fix to explicitly check for end of subbuf before
verifying the pre-fetched tag, which may have been stomped on by
asn1_get_tag_indef() encountering end-of-buffer.
* krb5_decode.c (opt_field, opt_lenfield): Fix to explicitly check
for end of subbuf before verifying the pre-fetched tag, which may
have been stomped on by asn1_get_tag_indef() encountering
end-of-buffer.
To generate a diff of this commit:
cvs diff -r5.125 -r5.126 krb5/src/lib/krb5/asn.1/ChangeLog
cvs diff -r5.15 -r5.16 krb5/src/lib/krb5/asn.1/asn1_get.c
cvs diff -r5.38 -r5.39 krb5/src/lib/krb5/asn.1/asn1_k_decode.c
cvs diff -r5.37 -r5.38 krb5/src/lib/krb5/asn.1/krb5_decode.c
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
