summaryrefslogtreecommitdiffstats
path: root/pb_decode.c
diff options
context:
space:
mode:
authorPetteri Aimonen <jpa@git.mail.kapsi.fi>2017-03-12 12:18:32 +0200
committerPetteri Aimonen <jpa@git.mail.kapsi.fi>2017-03-12 12:18:32 +0200
commit44e559d9ce74855bd48d8050ab6cf6391b980239 (patch)
tree81eb324b8dfd451e9ad1dc227985bd14a6d94a19 /pb_decode.c
parent459d9cf45c7a47e6fd034a134cc7653db82e8fe8 (diff)
Fix potential out-of-bounds read with more than 64 required fields
Diffstat (limited to 'pb_decode.c')
-rw-r--r--pb_decode.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/pb_decode.c b/pb_decode.c
index e2e90caa..06d766af 100644
--- a/pb_decode.c
+++ b/pb_decode.c
@@ -934,6 +934,9 @@ bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[
if (PB_HTYPE(last_type) == PB_HTYPE_REQUIRED && iter.pos->tag != 0)
req_field_count++;
+ if (req_field_count > PB_MAX_REQUIRED_FIELDS)
+ req_field_count = PB_MAX_REQUIRED_FIELDS;
+
if (req_field_count > 0)
{
/* Check the whole words */
@@ -943,9 +946,15 @@ bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[
PB_RETURN_ERROR(stream, "missing required field");
}
- /* Check the remaining bits */
- if (fields_seen[req_field_count >> 5] != (allbits >> (32 - (req_field_count & 31))))
- PB_RETURN_ERROR(stream, "missing required field");
+ /* Check the remaining bits (if any) */
+ if ((req_field_count & 31) != 0)
+ {
+ if (fields_seen[req_field_count >> 5] !=
+ (allbits >> (32 - (req_field_count & 31))))
+ {
+ PB_RETURN_ERROR(stream, "missing required field");
+ }
+ }
}
}