for(len = 0, buf++, skipped = 1;
oct && (++skipped <= size); buf++, oct--) {
- len = (len << 8) | *buf;
- if(len < 0
- || (len >> ((8 * sizeof(len)) - 8) && oct > 1)) {
- /*
- * Too large length value.
- */
+ /* Verify that we won't overflow. */
+ if(!(len >> ((8 * sizeof(len)) - (8+1)))) {
+ len = (len << 8) | *buf;
+ } else {
+ /* Too large length value. */
return -1;
}
}
if(oct == 0) {
- ber_tlv_len_t lenplusepsilon = (size_t)len + 1024;
- /*
- * Here length may be very close or equal to 2G.
- * However, the arithmetics used in some decoders
- * may add some (small) quantities to the length,
- * to check the resulting value against some limits.
- * This may result in integer wrap-around, which
- * we try to avoid by checking it earlier here.
- */
- if(lenplusepsilon < 0) {
- /* Too large length value */
+ if(len < 0 || len > RSSIZE_MAX) {
+ /* Length value out of sane range. */
return -1;
}
}
ssize_t
-ber_skip_length(asn_codec_ctx_t *opt_codec_ctx,
+ber_skip_length(const asn_codec_ctx_t *opt_codec_ctx,
int _is_constructed, const void *ptr, size_t size) {
ber_tlv_len_t vlen; /* Length of V in TLV */
+ ssize_t tl; /* Length of L in TLV */
ssize_t ll; /* Length of L in TLV */
size_t skip;
/*
* Make sure we didn't exceed the maximum stack size.
*/
- if(_ASN_STACK_OVERFLOW_CHECK(opt_codec_ctx))
+ if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
return -1;
/*
ber_tlv_tag_t tag;
/* Fetch the tag */
- ssize_t tl = ber_fetch_tag(ptr, size, &tag);
+ tl = ber_fetch_tag(ptr, size, &tag);
if(tl <= 0) return tl;
ll = ber_skip_length(opt_codec_ctx,
size_t required_size; /* Size of len encoding */
uint8_t *buf = (uint8_t *)bufp;
uint8_t *end;
- size_t i;
+ int i;
if(len <= 127) {
/* Encoded in 1 octet */
/*
* Compute the size of the subsequent bytes.
*/
- for(required_size = 1, i = 8; i < 8 * sizeof(len); i += 8) {
+ for(required_size = 1, i = 8; i < 8 * (int)sizeof(len); i += 8) {
if(len >> i)
required_size++;
else