fix XER decoder crash on maliciously constructed ENUMERATED input

793982a5 · Lev Walkin · f5e333e9 · 793982a5 · 793982a5
Commit 793982a5 authored Oct 02, 2017 by Lev Walkin
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

ChangeLog ChangeLog +7 -0

skeletons/INTEGER.c skeletons/INTEGER.c +1 -1

No files found.
--- a/ChangeLog
+++ b/ChangeLog

 0.9.??:
+    FEATURES:
    * Added OER support.
    * Added LTE RRC example (Bi-Ruei, Chiu).
    * Added IEEE 1609.2 example.
    * Added SAE J2735 example.
+
+    NOTABLE:
    * converter-sample.c renamed into converter-example.c
+
+    FIXES:
    * CVE-2017-12966 verified not present.
    * Fix incomplete (failed) CHOICE XER decoding memory leak.
      (Severity: medium; Security impact: medium)
@@ -12,6 +17,8 @@
      (Severity: low; Security impact: medium)
    * Fix UPER string decoding constrained only by lower bound > 0
      (Severity: low; Security impact: none)
+    * Fix XER decoder crash on maliciously constructed ENUMERATED input.
+      (Severity: medium; Security impact: medium)

 0.9.28: 2017-03-26
    * PER decoding: avoid memory leak on error. By github.com/simo5

--- a/skeletons/INTEGER.c
+++ b/skeletons/INTEGER.c
@@ -238,7 +238,7 @@ INTEGER__compar_enum2value(const void *kp, const void *am) {
 	/* Compare strings */
 	for(ptr = key->start, end = key->stop, name = el->enum_name;
 			ptr < end; ptr++, name++) {
-		if(*ptr != *name)
+		if(*ptr != *name || !*name)
 			return *(const unsigned char *)ptr
 				- *(const unsigned char *)name;
 	}