asn1_der_decoding2: force the right tag on DER When decoding an OCTET STRING ensure that the right tag is present when strict DER is specified. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

commit: 5a94373eab274cc39ba49163d548d58aeffe7adf [log] [tgz]
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Sat Jan 11 13:06:37 2020 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> Sat Jan 11 13:06:39 2020 +0100
tree: e29d11a526ef4357755ff40dede4124facdfa7a5
parent: 5b146e59a36b8025c168c084970b5b2ffa83f21b [diff]
diff --git a/lib/decoding.c b/lib/decoding.c
index 8366d48..6cc6a3f 100644
--- a/lib/decoding.c
+++ b/lib/decoding.c

@@ -1179,6 +1179,13 @@
               ptag = der + counter - inner_tag_len;
               if ((flags & ASN1_DECODE_FLAG_STRICT_DER) || !(ptag[0] & ASN1_CLASS_STRUCTURED))
                 {
+	          if (ptag[0] & ASN1_CLASS_STRUCTURED)
+		    {
+		      result = ASN1_DER_ERROR;
+                      warn();
+		      goto cleanup;
+		    }
+
 	          len2 =
 		    asn1_get_length_der (der + counter, ider_len, &len3);
 	          if (len2 < 0)
commit	5a94373eab274cc39ba49163d548d58aeffe7adf	[log] [tgz]
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	Sat Jan 11 13:06:37 2020 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	Sat Jan 11 13:06:39 2020 +0100
tree	e29d11a526ef4357755ff40dede4124facdfa7a5
parent	5b146e59a36b8025c168c084970b5b2ffa83f21b [diff]