| author | beck <> | 2019-03-24 16:07:25 +0000 |
|---|---|---|
| committer | beck <> | 2019-03-24 16:07:25 +0000 |
| commit | 8157056ce15f6a70ad99702f5d20a820a1d6b2f9 (patch) | |
| tree | 47b2b097acae942b1c78ef6cc67e1a58db5eb6a8 /src | |
| parent | 66f0e9952ce2ad50c63a44df282d6e217c1e9f84 (diff) | |
Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a max
depth of 128 - For oss-fuzz issue 13802
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_par.c | 6 |
1 files changed, 5 insertions, 1 deletions
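--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_par.c,v 1.26 2018/11/09 04:11:06 tb Exp $ */
+/* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -130,6 +130,10 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
 p = *pp;
 tot = p + length;
 op = p - 1;
+if (depth > 128) {
+BIO_printf(bp, "Max depth exceeded\n");
+goto end;
+}
 while ((p < tot) && (op < p)) {
 op = p;
 j = ASN1_get_object(&p, &len, &tag, &xclass, length);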
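Review bot: The new guard in asn1_parse2 uses a bare `128` and compares with `>`, so nesting levels 0 through 128 are still parsed, which is one more than the "max depth of 128" in the commit message if the top-level call passes depth 0. A named limit would make the bound easier to audit, for example `#define ASN1_PARSE_MAXDEPTH 128` near the top of the file and `if (depth > ASN1_PARSE_MAXDEPTH) {` here, with a short comment saying it bounds recursion (and so stack use) on deeply nested, untrusted encodings. The `goto end` path relies on `ret` still holding its failure value at this point; the declaration and the `end:` label are outside the hunk, so it is worth confirming that callers see an error rather than treating a truncated dump as a complete parse.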
