fix XER decoder crash on maliciously constructed ENUMERATED input

commit: 793982a5816f8781c89220fca6f9cc668b53d602 [log] [tgz]
author: Lev Walkin <vlm@lionet.info> Mon Oct 02 14:12:51 2017 -0700
committer: Lev Walkin <vlm@lionet.info> Mon Oct 02 14:12:51 2017 -0700
tree: a7568ca72f6583518493358ee9e701316e014abe
parent: f5e333e92dce96d82eeef338b49a087c53c70b04 [diff]
diff --git a/ChangeLog b/ChangeLog
index 4db1c27..0169649 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,10 +1,15 @@
 
 0.9.??:
+    FEATURES:
     * Added OER support.
     * Added LTE RRC example (Bi-Ruei, Chiu).
     * Added IEEE 1609.2 example.
     * Added SAE J2735 example.
+
+    NOTABLE:
     * converter-sample.c renamed into converter-example.c
+
+    FIXES:
     * CVE-2017-12966 verified not present.
     * Fix incomplete (failed) CHOICE XER decoding memory leak.
       (Severity: medium; Security impact: medium)
@@ -12,6 +17,8 @@
       (Severity: low; Security impact: medium)
     * Fix UPER string decoding constrained only by lower bound > 0
       (Severity: low; Security impact: none)
+    * Fix XER decoder crash on maliciously constructed ENUMERATED input.
+      (Severity: medium; Security impact: medium)
 
 0.9.28: 2017-03-26
     * PER decoding: avoid memory leak on error. By github.com/simo5

diff --git a/skeletons/INTEGER.c b/skeletons/INTEGER.c
index d8cbca2..d2d8048 100644
--- a/skeletons/INTEGER.c
+++ b/skeletons/INTEGER.c

@@ -238,7 +238,7 @@
 	/* Compare strings */
 	for(ptr = key->start, end = key->stop, name = el->enum_name;
 			ptr < end; ptr++, name++) {
-		if(*ptr != *name)
+		if(*ptr != *name || !*name)
 			return *(const unsigned char *)ptr
 				- *(const unsigned char *)name;
 	}
commit	793982a5816f8781c89220fca6f9cc668b53d602	[log] [tgz]
author	Lev Walkin <vlm@lionet.info>	Mon Oct 02 14:12:51 2017 -0700
committer	Lev Walkin <vlm@lionet.info>	Mon Oct 02 14:12:51 2017 -0700
tree	a7568ca72f6583518493358ee9e701316e014abe
parent	f5e333e92dce96d82eeef338b49a087c53c70b04 [diff]