The branch, master has been updated
via ad3ac7e Try and fix bug #8472 - Crash in asn.1 parsing code.
from 9881712 s3: Further fix for bug 8338
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ad3ac7e3c0bdf9b93c6b831f29452fd63fe0818b
Author: Jeremy Allison <j...@samba.org>
Date: Tue Sep 20 18:50:00 2011 -0700
Try and fix bug #8472 - Crash in asn.1 parsing code.
Found by Codenomicon at the SNIA plugfest. Don't keep going
in the loop when reading the OIDs fail.
Autobuild-User: Jeremy Allison <j...@samba.org>
Autobuild-Date: Wed Sep 21 05:24:59 CEST 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/clispnego.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 4581ce4..d584f9f 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -126,7 +126,12 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
asn1_start_tag(data,ASN1_CONTEXT(0));
asn1_start_tag(data,ASN1_SEQUENCE(0));
for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
- asn1_read_OID(data,ctx, &OIDs[i]);
+ if (!asn1_read_OID(data,ctx, &OIDs[i])) {
+ break;
+ }
+ if (data->has_error) {
+ break;
+ }
}
OIDs[i] = NULL;
asn1_end_tag(data);
--
Samba Shared Repository
