Try and fix bug #8472 - Crash in asn.1 parsing code.

Found by Codenomicon at the SNIA plugfest. Don't keep going
in the loop when reading the OIDs fail.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 21 05:24:59 CEST 2011 on sn-devel-104

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 4581ce40267eaf6a829356b8b10f4c93121558aa..d584f9f4abd961ff474968cf72f444791a408e4f 100644 (file)
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -126,7 +126,12 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
        asn1_start_tag(data,ASN1_CONTEXT(0));
        asn1_start_tag(data,ASN1_SEQUENCE(0));
        for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
-               asn1_read_OID(data,ctx, &OIDs[i]);
+               if (!asn1_read_OID(data,ctx, &OIDs[i])) {
+                       break;
+               }
+               if (data->has_error) {
+                       break;
+               }
        }
        OIDs[i] = NULL;
        asn1_end_tag(data);