Reinstate the check for invalid length BIT STRINGS,

which was effectively bypassed in the ASN1 changed.
author: Dr. Stephen Henson <steve@openssl.org> 2002-08-23 00:02:11 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2002-08-23 00:02:11 +0000
commit: 41ab00bedf7259c60555a080219ed68e1afb8a22 (patch)
tree: de4d1dfb1d2d362b8c7b5ef97a550943bfa8038f /crypto/asn1/tasn_dec.c
parent: fc85ac20c7540c2db46235f32b3505db6ca7f304 (diff)
download: openssl-41ab00bedf7259c60555a080219ed68e1afb8a22.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 0fc1f421e2..f87c08793a 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
 			ctx->ptag = ptag;
 			ctx->hdrlen = p - q;
 			ctx->valid = 1;
-			/* If definite length, length + header can't exceed total
-			 * amount of data available.
+			/* If definite length, and no error, length +
+			 * header can't exceed total amount of data available. 
 			 */
-			if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+			if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
 				ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
 				asn1_tlc_clear(ctx);
 				return 0;
author	Dr. Stephen Henson <steve@openssl.org>	2002-08-23 00:02:11 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2002-08-23 00:02:11 +0000
commit	41ab00bedf7259c60555a080219ed68e1afb8a22 (patch)
tree	de4d1dfb1d2d362b8c7b5ef97a550943bfa8038f /crypto/asn1/tasn_dec.c
parent	fc85ac20c7540c2db46235f32b3505db6ca7f304 (diff)
download	openssl-41ab00bedf7259c60555a080219ed68e1afb8a22.tar.gz