diff options
author | jsing <> | 2021-12-09 16:58:44 +0000 |
---|---|---|
committer | jsing <> | 2021-12-09 16:58:44 +0000 |
commit | 649b488ffb7d66798965a8c6a9eef5b666d1ea19 (patch) | |
tree | 143559c62c1aa4a07e8fa25ad18a82a6e9ac09c1 /src/lib/libc | |
parent | 96ce954ac22721287df64aafe5436242c2d033ec (diff) | |
download | openbsd-649b488ffb7d66798965a8c6a9eef5b666d1ea19.tar.gz openbsd-649b488ffb7d66798965a8c6a9eef5b666d1ea19.tar.bz2 openbsd-649b488ffb7d66798965a8c6a9eef5b666d1ea19.zip |
Pull the recursion depth check up to the top of asn1_collect()
ok inoguchi@ tb@
Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index b1fb5886c4..aa97bc8f4e 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: tasn_dec.c,v 1.42 2021/12/09 16:56:15 jsing Exp $ */ | 1 | /* $OpenBSD: tasn_dec.c,v 1.43 2021/12/09 16:58:44 jsing Exp $ */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 | * project 2000. | 3 | * project 2000. |
4 | */ | 4 | */ |
@@ -1020,6 +1020,11 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, | |||
1020 | long plen; | 1020 | long plen; |
1021 | char cst, ininf; | 1021 | char cst, ininf; |
1022 | 1022 | ||
1023 | if (depth > ASN1_MAX_STRING_NEST) { | ||
1024 | ASN1error(ASN1_R_NESTED_ASN1_STRING); | ||
1025 | return 0; | ||
1026 | } | ||
1027 | |||
1023 | p = *in; | 1028 | p = *in; |
1024 | inf &= 1; | 1029 | inf &= 1; |
1025 | 1030 | ||
@@ -1045,10 +1050,6 @@ asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, | |||
1045 | 1050 | ||
1046 | /* If indefinite length constructed update max length */ | 1051 | /* If indefinite length constructed update max length */ |
1047 | if (cst) { | 1052 | if (cst) { |
1048 | if (depth >= ASN1_MAX_STRING_NEST) { | ||
1049 | ASN1error(ASN1_R_NESTED_ASN1_STRING); | ||
1050 | return 0; | ||
1051 | } | ||
1052 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, | 1053 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, |
1053 | depth + 1)) | 1054 | depth + 1)) |
1054 | return 0; | 1055 | return 0; |