Merge branch 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull key handling fix from James Morris:
"Fix by Eric Biggers for the keys subsystem"

* 'fixes-v4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]

Linus Torvalds 8 years ago d6a2cf07 f7dc4c9a

+2 -2

1 changed file

expand all

lib

asn1_decoder.c

+2 -2

lib/asn1_decoder.c

··· 228 228 hdr = 2; 229 229 230 230 /* Extract a tag from the data */ 231 - if (unlikely(dp >= datalen - 1)) 231 + if (unlikely(datalen - dp < 2)) 232 232 goto data_overrun_error; 233 233 tag = data[dp++]; 234 234 if (unlikely((tag & 0x1f) == ASN1_LONG_TAG)) ··· 274 274 int n = len - 0x80; 275 275 if (unlikely(n > 2)) 276 276 goto length_too_long; 277 - if (unlikely(dp >= datalen - n)) 277 + if (unlikely(n > datalen - dp)) 278 278 goto data_overrun_error; 279 279 hdr += n; 280 280 for (len = 0; n > 0; n--) {