Skip to content

M
mruby
Unverified Commit 3b59c95e authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto
Browse files
Options

pack.c: check integer overflow in unpacking BER; fix #5611

parent 42a6872c
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 0 deletions
mrbgems/mruby-pack/src/pack.c
View file @ 3b59c95e
...@@ -415,6 +415,9 @@ unpack_BER(mrb_state *mrb, const unsigned char *src, int srclen, mrb_value ary, ...@@ -415,6 +415,9 @@ unpack_BER(mrb_state *mrb, const unsigned char *src, int srclen, mrb_value ary,
const unsigned char *e = p + srclen; const unsigned char *e = p + srclen;
for (i=1; p<e; p++,i++) { for (i=1; p<e; p++,i++) {
if (n > (MRB_INT_MAX>>7)) {
mrb_raise(mrb, E_RANGE_ERROR, "BER unpacking 'w' overflow");
}
n <<= 7; n <<= 7;
n |= *p & 0x7f; n |= *p & 0x7f;
if ((*p & 0x80) == 0) break; if ((*p & 0x80) == 0) break;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment