Skip to content

Commit d6a2cf0

Browse files
committed
Merge branch 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling fix from James Morris: "Fix by Eric Biggers for the keys subsystem" * 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
2 parents f7dc4c9 + 624f5ab commit d6a2cf0

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

lib/asn1_decoder.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -228,7 +228,7 @@ int asn1_ber_decoder(const struct asn1_decoder *decoder,
228228
hdr = 2;
229229

230230
/* Extract a tag from the data */
231-
if (unlikely(dp >= datalen - 1))
231+
if (unlikely(datalen - dp < 2))
232232
goto data_overrun_error;
233233
tag = data[dp++];
234234
if (unlikely((tag & 0x1f) == ASN1_LONG_TAG))
@@ -274,7 +274,7 @@ int asn1_ber_decoder(const struct asn1_decoder *decoder,
274274
int n = len - 0x80;
275275
if (unlikely(n > 2))
276276
goto length_too_long;
277-
if (unlikely(dp >= datalen - n))
277+
if (unlikely(n > datalen - dp))
278278
goto data_overrun_error;
279279
hdr += n;
280280
for (len = 0; n > 0; n--) {

0 commit comments

Comments
 (0)