From b2a0d1e66a78dd8307ef6d5a09c6f55dc209edaa Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 30 Jul 2013 17:40:32 +0200
Subject: [PATCH] Fix handling of invalid ASN.1 length in is_asn1()

Fixes CVE-2013-5018.
---
 src/libstrongswan/asn1/asn1.c |    5 +++++
 src/pluto/asn1.c              |    5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index fb6adcb..3ed91df 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -540,6 +540,11 @@ bool is_asn1(chunk_t blob)
 
 	len = asn1_length(&blob);
 
+	if (len == ASN1_INVALID_LENGTH)
+	{
+		return FALSE;
+	}
+
 	/* exact match */
 	if (len == blob.len)
 	{
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index a9fde02..cbd85bb 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -804,6 +804,11 @@ is_asn1(chunk_t blob)
 
     len = asn1_length(&blob);
  
+	if (len == ASN1_INVALID_LENGTH)
+	{
+		return FALSE;
+	}
+
     /* exact match */
     if (len == blob.len)
     {
-- 
1.7.10.4

