[krbdev.mit.edu #2543] DER Bug
Zhihong Zhang via RT
rt-comment at krbdev.mit.edu
Wed Apr 21 18:48:35 EDT 2004
I found this bug in MIT code. If you have the same code, you should
fix it. This breaks any tag bigger than 30.
Zhihong
>
> Found a bug in the DER decoder of KRB5-1.28.
>
> This loop in asn1_get.c is wrong,
>
> do{
> retval = asn1buf_remove_octet(buf,&o);
> if(retval) return retval;
> tn = (tn<<7) + (asn1_tagnum)(o&0x7F);
> }while(tn&0x80);
>
> It should be "while(o&0x80)".
>
> The effect is that it can't decode any tags bigger than 30.
>
> Zhihong
>
More information about the krb5-bugs
mailing list