summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbeck <>2015-12-04 04:21:36 +0000
committerbeck <>2015-12-04 04:21:36 +0000
commit2afcba54e32e687619f9296fcf749d72a8f9a2ec (patch)
tree6774729b624606db4783cc90330641293cd21c26
parent35fcfe01981108e67b17b6dec5fc26ec73cd1db4 (diff)
downloadopenbsd-2afcba54e32e687619f9296fcf749d72a8f9a2ec.tar.gz
openbsd-2afcba54e32e687619f9296fcf749d72a8f9a2ec.tar.bz2
openbsd-2afcba54e32e687619f9296fcf749d72a8f9a2ec.zip
Fix for OpenSSL CVE-2015-3195
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index f08514dc83..c5f9ff9943 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */ 1/* $OpenBSD: tasn_dec.c,v 1.27.4.1 2015/12/04 04:21:36 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
166 int otag; 166 int otag;
167 int ret = 0; 167 int ret = 0;
168 ASN1_VALUE **pchptr; 168 ASN1_VALUE **pchptr;
169 int combine;
170
171 combine = aclass & ASN1_TFLG_COMBINE;
172 aclass &= ~ASN1_TFLG_COMBINE;
169 173
170 if (!pval) 174 if (!pval)
171 return 0; 175 return 0;
@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
447auxerr: 451auxerr:
448 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); 452 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
449err: 453err:
450 ASN1_item_ex_free(pval, it); 454 if (combine == 0)
455 ASN1_item_ex_free(pval, it);
451 if (errtt) 456 if (errtt)
452 ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, 457 ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
453 it->sname); 458 it->sname);
@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
642 } else { 647 } else {
643 /* Nothing special */ 648 /* Nothing special */
644 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), 649 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
645 -1, 0, opt, ctx); 650 -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
646 if (!ret) { 651 if (!ret) {
647 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 652 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
648 ERR_R_NESTED_ASN1_ERROR); 653 ERR_R_NESTED_ASN1_ERROR);