Fix DER length decoding bug

`asn1_length_from_der` incorrectly accept the BER long length.
2026-05-07 00:46:17 +08:00 · 2024-06-11 23:18:55 +08:00
parent 75430408c2
commit b1f25ab306
2 changed files with 42 additions and 0 deletions
--- a/src/asn1.c
+++ b/src/asn1.c
@@ -202,6 +202,15 @@ int asn1_length_from_der(size_t *len, const uint8_t **in, size_t *inlen)
 			error_print();
 			return -1;
 		}
+		// make sure length is not in BER long presentation
+		if (nbytes == 1 && **in < 0x80) {
+			error_print();
+			return -1;
+		}
+		if (nbytes > 1 && **in == 0) {
+			error_print();
+			return -1;
+		}

 		memcpy(buf + 4 - nbytes, *in, nbytes);
 		*len = (size_t)GETU32(buf);