fix XER decoder crash on maliciously constructed ENUMERATED input
diff --git a/ChangeLog b/ChangeLog
index 4db1c27..0169649 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,15 @@
0.9.??:
+ FEATURES:
* Added OER support.
* Added LTE RRC example (Bi-Ruei, Chiu).
* Added IEEE 1609.2 example.
* Added SAE J2735 example.
+
+ NOTABLE:
* converter-sample.c renamed into converter-example.c
+
+ FIXES:
* CVE-2017-12966 verified not present.
* Fix incomplete (failed) CHOICE XER decoding memory leak.
(Severity: medium; Security impact: medium)
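Review bot: The FEATURES, NOTABLE and FIXES headings added to the 0.9.?? block reorganize the whole entry list, which is unrelated to the ENUMERATED fix named in the commit subject. Splitting the restructuring into its own commit would keep the security fix easy to cherry-pick or backport without ChangeLog conflicts.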
@@ -12,6 +17,8 @@
(Severity: low; Security impact: medium)
* Fix UPER string decoding constrained only by lower bound > 0
(Severity: low; Security impact: none)
+ * Fix XER decoder crash on maliciously constructed ENUMERATED input.
+ (Severity: medium; Security impact: medium)
0.9.28: 2017-03-26
* PER decoding: avoid memory leak on error. By github.com/simo5
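Review bot: The new entry `Fix XER decoder crash on maliciously constructed ENUMERATED input` does not say what kind of fault is fixed or where. Judging by the skeletons/INTEGER.c change in this patch, the name comparison could continue past the terminator of `enum_name`; saying so in the entry (for example, a read past the end of the enum name during ENUMERATED lookup) would let downstream users judge whether they are affected.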
diff --git a/skeletons/INTEGER.c b/skeletons/INTEGER.c
index d8cbca2..d2d8048 100644
--- a/skeletons/INTEGER.c
+++ b/skeletons/INTEGER.c
@@ -238,7 +238,7 @@
/* Compare strings */
for(ptr = key->start, end = key->stop, name = el->enum_name;
ptr < end; ptr++, name++) {
- if(*ptr != *name)
+ if(*ptr != *name || !*name)
return *(const unsigned char *)ptr
- *(const unsigned char *)name;
}
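Review bot: In the new condition `if(*ptr != *name || !*name)`, the `!*name` branch also fires when `*ptr` is NUL as well, and the return expression then evaluates to 0 while bytes still remain between `ptr` and `end`. If the caller treats 0 as a match, an input identifier with an embedded NUL would compare equal to the shorter enum name; consider returning a nonzero value whenever `name` ends before `key->stop` is reached. A short comment stating that `enum_name` is NUL-terminated while the key is delimited by `start`/`stop`, plus a regression test with an over-long identifier, would make the intent of the extra check clear.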