import PULS_20180308

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / lib / asn1_decoder.c

diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c
index 11b9b01fda6b67303db4a7df22c19e2c35c4c095..b1c885297113f7d42a6f300f396dd77b2543e6e9 100644 (file)
--- a/lib/asn1_decoder.c
+++ b/lib/asn1_decoder.c
@@ -69,7 +69,7 @@ next_tag:
 
        /* Extract a tag from the data */
        tag = data[dp++];
-       if (tag == 0) {
+       if (tag == ASN1_EOC) {
                /* It appears to be an EOC. */
                if (data[dp++] != 0)
                        goto invalid_eoc;
@@ -91,10 +91,8 @@ next_tag:
 
        /* Extract the length */
        len = data[dp++];
-       if (len <= 0x7f) {
-               dp += len;
-               goto next_tag;
-       }
+       if (len <= 0x7f)
+               goto check_length;
 
        if (unlikely(len == ASN1_INDEFINITE_LENGTH)) {
                /* Indefinite length */
@@ -105,14 +103,18 @@ next_tag:
        }
 
        n = len - 0x80;
-       if (unlikely(n > sizeof(size_t) - 1))
+       if (unlikely(n > sizeof(len) - 1))
                goto length_too_long;
        if (unlikely(n > datalen - dp))
                goto data_overrun_error;
-       for (len = 0; n > 0; n--) {
+       len = 0;
+       for (; n > 0; n--) {
                len <<= 8;
                len |= data[dp++];
        }
+check_length:
+       if (len > datalen - dp)
+               goto data_overrun_error;
        dp += len;
        goto next_tag;
 
@@ -208,9 +210,8 @@ next_op:
                unsigned char tmp;
 
                /* Skip conditional matches if possible */
-               if ((op & ASN1_OP_MATCH__COND &&
-                    flags & FLAG_MATCHED) ||
-                   dp == datalen) {
+               if ((op & ASN1_OP_MATCH__COND && flags & FLAG_MATCHED) ||
+                   (op & ASN1_OP_MATCH__SKIP && dp == datalen)) {
                        pc += asn1_op_lengths[op];
                        goto next_op;
                }