Check for leading zeros in CBS_get_asn1_uint64.

The encoding of an INTEGER should not have leading zeros, except to pad for the
sign bit.

Change-Id: I80d22818cf1d2ca9d27e215620392e1725372aa5
Reviewed-on: https://boringssl-review.googlesource.com/4218
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/bytestring_test.cc b/crypto/bytestring/bytestring_test.cc
index ca3d835..66e9c1e 100644
--- a/crypto/bytestring/bytestring_test.cc
+++ b/crypto/bytestring/bytestring_test.cc
@@ -596,8 +596,10 @@
     {"\x02\x00", 2},
     // Negative number.
     {"\x02\x01\x80", 3},
-    // Overflow
+    // Overflow.
     {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
+    // Leading zeros.
+    {"\x02\x02\x00\x01", 4},
 };
 
 static bool TestASN1Uint64() {
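Review bot: The added invalid vector `"\x02\x02\x00\x01"` covers only a zero byte ahead of a byte with the high bit clear, so within this hunk nothing pins the other side of the `(data[1] & 0x80) == 0` condition that the cbs.c change adds. If the table of valid encodings (outside this hunk) does not already have one, add a case for 128 encoded as `"\x02\x02\x00\x80"`, so that a later edit which starts rejecting the required sign-padding zero fails the test. A non-minimal zero, `{"\x02\x02\x00\x00", 4},`, would also be worth adding to this invalid list, because it is the other shape of non-canonical INTEGER that the parser must refuse to keep one value from having several accepted encodings. The array's opening and the body of TestASN1Uint64 lie outside the hunk.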
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 36d64d8..bd94cce 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -291,7 +291,12 @@
   }
 
   if ((data[0] & 0x80) != 0) {
-    /* negative number */
+    /* Negative number. */
+    return 0;
+  }
+
+  if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) {
+    /* Extra leading zeros. */
     return 0;
   }