svn rev #25701: trunk/src/lib/krb5/asn.1/
ghudson@MIT.EDU
Tue Feb 14 17:14:54 EST 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25701
Commit By: ghudson
Log Message:
Fix void pointer arithmetic in ASN.1 decoder
An expression in decode_sequence_of was incorrectly parenthesized,
resulting in addition to a void pointer. Also avoid repeating the
expression.
Changed Files:
U trunk/src/lib/krb5/asn.1/asn1_encode.c
Modified: trunk/src/lib/krb5/asn.1/asn1_encode.c
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_encode.c 2012-02-14 18:26:50 UTC (rev 25700)
+++ trunk/src/lib/krb5/asn.1/asn1_encode.c 2012-02-14 22:14:54 UTC (rev 25701)
@@ -1529,7 +1529,7 @@
size_t *count_out)
{
asn1_error_code ret;
- void *seq = NULL, *newseq;
+ void *seq = NULL, *elem, *newseq;
const unsigned char *contents;
size_t clen, count = 0;
taginfo t;
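Review bot: `elem` in the new declaration `void *seq = NULL, *elem, *newseq;` is typed `void *`, so any later offset arithmetic on it would be the same non-standard void pointer addition this commit removes. Declaring it as `char *elem` would keep it safe for arithmetic, and it would still convert implicitly when passed to `memset`; `decode_atype` was already being handed a `char *` in the lines removed further down.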
@@ -1550,9 +1550,9 @@
goto error;
}
seq = newseq;
- memset((char *)(seq + count * elemtype->size), 0, elemtype->size);
- ret = decode_atype(&t, contents, clen, elemtype,
- (char *)(seq + count * elemtype->size));
+ elem = (char *)seq + count * elemtype->size;
+ memset(elem, 0, elemtype->size);
+ ret = decode_atype(&t, contents, clen, elemtype, elem);
if (ret)
goto error;
count++;
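Review bot: the log message should state whether the removed `(char *)(seq + count * elemtype->size)` ever produced a wrong address, since that decides whether this is a portability fix or a behavior fix. ISO C does not define arithmetic on `void *`; GCC accepts it as an extension with an element size of 1, so on such compilers the old and new expressions yield the same pointer, while a strictly conforming compiler rejects the old form. Building with `-Wpointer-arith` would flag any remaining instances of this pattern. Separately, `count * elemtype->size` is computed here with no visible overflow check; the allocation that sizes `seq` lies outside this hunk, so it is worth confirming that it uses a checked multiplication of the same terms.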