From 51612fca32dda445056ca9a7533bae258acd3ecb Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 17 May 2014 00:06:01 +0200
Subject: check for zero size in time and object ids.

---
 lib/decoding.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib/decoding.c')

diff --git a/lib/decoding.c b/lib/decoding.c
index 1151afe..7c6c9af 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c
@@ -284,9 +284,11 @@ _asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len,
 
   if (der_len <= 0 || str == NULL)
     return ASN1_DER_ERROR;
+
   str_len = asn1_get_length_der (der, der_len, &len_len);
-  if (str_len < 0 || str_size < str_len)
+  if (str_len <= 0 || str_size < str_len)
     return ASN1_DER_ERROR;
+
   memcpy (str, der + len_len, str_len);
   str[str_len] = 0;
   *ret_len = str_len + len_len;
@@ -312,7 +314,7 @@ _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
 
   len = asn1_get_length_der (der, der_len, &len_len);
 
-  if (len < 0 || len > der_len || len_len > der_len)
+  if (len <= 0 || len + len_len > der_len)
     return ASN1_DER_ERROR;
 
   val1 = der[len_len] / 40;
-- 
cgit v1.2.3