X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/cd6c3eeba0c396300391d99e8a17558dca5305fd..2685767a6125c1620719c7de6234aedf41857b7e:/pkcs1.c

diff --git a/pkcs1.c b/pkcs1.c
index 2dbf6de..dd19569 100644
--- a/pkcs1.c
+++ b/pkcs1.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: pkcs1.c,v 1.1 2000/07/01 11:17:38 mdw Exp $
+ * $Id: pkcs1.c,v 1.3 2000/10/08 12:07:04 mdw Exp $
  *
  * PKCS#1 1.5 packing
  *
@@ -30,6 +30,13 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: pkcs1.c,v $
+ * Revision 1.3  2000/10/08 12:07:04  mdw
+ * Don't do arithmetic on @void *@ pointers.
+ *
+ * Revision 1.2  2000/07/05 17:49:48  mdw
+ * Fix decoding functions, so that they don't run off the end of the
+ * buffer.
+ *
  * Revision 1.1  2000/07/01 11:17:38  mdw
  * New support for PKCS#1 message encoding.
  *
@@ -119,7 +126,7 @@ int pkcs1_cryptdecode(const void *buf, size_t sz, dstr *d, void *p)
   if (pp->epsz + 11 > sz)
     return (-1);
   q = buf;
-  qq = buf + sz;
+  qq = q + sz;
 
   /* --- Ensure that the block looks OK --- */
 
@@ -131,7 +138,7 @@ int pkcs1_cryptdecode(const void *buf, size_t sz, dstr *d, void *p)
   i = 0;
   while (*q != 0 && q < qq)
     i++, q++;
-  if (i < 8 || q == qq)
+  if (i < 8 || qq - q < pp->epsz + 1)
     return (-1);
   q++;
 
@@ -215,7 +222,7 @@ int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p)
   if (pp->epsz + 10 > sz)
     return (-1);
   q = buf;
-  qq = buf + sz;
+  qq = q + sz;
 
   /* --- Ensure that the block looks OK --- */
 
@@ -227,11 +234,8 @@ int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p)
   i = 0;
   while (*q == 0xff && q < qq)
     i++, q++;
-  if (i < 8 || q == qq)
-    return (-1);
-  if (*q != 0)
+  if (i < 8 || qq - q < pp->epsz + 1 || *q++ != 0)
     return (-1);
-  q++;
 
   /* --- Check the encoding parameters --- */