Fix decoding functions, so that they don't run off the end of the

buffer.

diff --git a/pkcs1.c b/pkcs1.c
index 2dbf6de..f725f41 100644 (file)
--- a/pkcs1.c
+++ b/pkcs1.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: pkcs1.c,v 1.1 2000/07/01 11:17:38 mdw Exp $
+ * $Id: pkcs1.c,v 1.2 2000/07/05 17:49:48 mdw Exp $
  *
  * PKCS#1 1.5 packing
  *
@@ -30,6 +30,10 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: pkcs1.c,v $
+ * Revision 1.2  2000/07/05 17:49:48  mdw
+ * Fix decoding functions, so that they don't run off the end of the
+ * buffer.
+ *
  * Revision 1.1  2000/07/01 11:17:38  mdw
  * New support for PKCS#1 message encoding.
  *
@@ -131,7 +135,7 @@ int pkcs1_cryptdecode(const void *buf, size_t sz, dstr *d, void *p)
   i = 0;
   while (*q != 0 && q < qq)
     i++, q++;
-  if (i < 8 || q == qq)
+  if (i < 8 || qq - q < pp->epsz + 1)
     return (-1);
   q++;
 
@@ -227,11 +231,8 @@ int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p)
   i = 0;
   while (*q == 0xff && q < qq)
     i++, q++;
-  if (i < 8 || q == qq)
-    return (-1);
-  if (*q != 0)
+  if (i < 8 || qq - q < pp->epsz + 1 || *q++ != 0)
     return (-1);
-  q++;
 
   /* --- Check the encoding parameters --- */