
Commit 02c9c0e9 authored by Linus Torvalds's avatar Linus Torvalds
Pull keyring fix from David Howells:
 "Fix ASN.1 indefinite length object parsing"

* tag 'keys-fixes-20160512' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  KEYS: Fix ASN.1 indefinite length object parsing
parents e5ad8b6d 23c8a812
+9 −7
@@ -74,7 +74,7 @@ static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen

	/* Extract a tag from the data */
	tag = data[dp++];
	if (tag == 0) {
	if (tag == ASN1_EOC) {
		/* It appears to be an EOC. */
		if (data[dp++] != 0)
			goto invalid_eoc;
@@ -96,10 +96,8 @@ static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen

	/* Extract the length */
	len = data[dp++];
	if (len <= 0x7f) {
		dp += len;
		goto next_tag;
	}
	if (len <= 0x7f)
		goto check_length;

	if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
		/* Indefinite length */
@@ -110,14 +108,18 @@ static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen
	}

	n = len - 0x80;
	if (unlikely(n > sizeof(size_t) - 1))
	if (unlikely(n > sizeof(len) - 1))
		goto length_too_long;
	if (unlikely(n > datalen - dp))
		goto data_overrun_error;
	for (len = 0; n > 0; n--) {
	len = 0;
	for (; n > 0; n--) {
		len <<= 8;
		len |= data[dp++];
	}
check_length:
	if (len > datalen - dp)
		goto data_overrun_error;
	dp += len;
	goto next_tag;
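Review bot: The new bound at `check_length:` is written as `len > datalen - dp`, which is only correct while `dp <= datalen`; nothing in the lines shown states that invariant, and `n > datalen - dp` a few lines earlier relies on the same unsigned subtraction. On the short-form path `dp` has just been advanced by `len = data[dp++]`, so the guarantee presumably comes from a remaining-bytes check above the hunk, which is outside this view. I would add a comment at the label, for example `/* dp <= datalen here, so datalen - dp cannot wrap; comparing against the remainder also avoids overflowing dp + len */`, so that a later edit which moves or relaxes the earlier check does not silently turn this into a test that always passes. The body of asn1_find_indefinite_length starts and ends outside these hunks.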