diff options
Diffstat (limited to 'src/lib/libcrypto/asn1/tasn_dec.c')
| -rw-r--r-- | src/lib/libcrypto/asn1/tasn_dec.c | 44 |
1 files changed, 11 insertions, 33 deletions
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 48bc1c0d4d..ced641698e 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c | |||
| @@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len); | |||
| 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); | 69 | static int asn1_find_end(const unsigned char **in, long len, char inf); |
| 70 | 70 | ||
| 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 71 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 72 | char inf, int tag, int aclass, int depth); | 72 | char inf, int tag, int aclass); |
| 73 | 73 | ||
| 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); | 74 | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
| 75 | 75 | ||
| @@ -611,6 +611,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, | |||
| 611 | 611 | ||
| 612 | err: | 612 | err: |
| 613 | ASN1_template_free(val, tt); | 613 | ASN1_template_free(val, tt); |
| 614 | *val = NULL; | ||
| 614 | return 0; | 615 | return 0; |
| 615 | } | 616 | } |
| 616 | 617 | ||
| @@ -757,6 +758,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, | |||
| 757 | 758 | ||
| 758 | err: | 759 | err: |
| 759 | ASN1_template_free(val, tt); | 760 | ASN1_template_free(val, tt); |
| 761 | *val = NULL; | ||
| 760 | return 0; | 762 | return 0; |
| 761 | } | 763 | } |
| 762 | 764 | ||
| @@ -876,7 +878,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, | |||
| 876 | * internally irrespective of the type. So instead just check | 878 | * internally irrespective of the type. So instead just check |
| 877 | * for UNIVERSAL class and ignore the tag. | 879 | * for UNIVERSAL class and ignore the tag. |
| 878 | */ | 880 | */ |
| 879 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) | 881 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) |
| 880 | { | 882 | { |
| 881 | free_cont = 1; | 883 | free_cont = 1; |
| 882 | goto err; | 884 | goto err; |
| @@ -1010,18 +1012,6 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, | |||
| 1010 | case V_ASN1_SET: | 1012 | case V_ASN1_SET: |
| 1011 | case V_ASN1_SEQUENCE: | 1013 | case V_ASN1_SEQUENCE: |
| 1012 | default: | 1014 | default: |
| 1013 | if (utype == V_ASN1_BMPSTRING && (len & 1)) | ||
| 1014 | { | ||
| 1015 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1016 | ASN1_R_BMPSTRING_IS_WRONG_LENGTH); | ||
| 1017 | goto err; | ||
| 1018 | } | ||
| 1019 | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) | ||
| 1020 | { | ||
| 1021 | ASN1err(ASN1_F_ASN1_EX_C2I, | ||
| 1022 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); | ||
| 1023 | goto err; | ||
| 1024 | } | ||
| 1025 | /* All based on ASN1_STRING and handled the same */ | 1015 | /* All based on ASN1_STRING and handled the same */ |
| 1026 | if (!*pval) | 1016 | if (!*pval) |
| 1027 | { | 1017 | { |
| @@ -1138,18 +1128,8 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) | |||
| 1138 | * if it is indefinite length. | 1128 | * if it is indefinite length. |
| 1139 | */ | 1129 | */ |
| 1140 | 1130 | ||
| 1141 | #ifndef ASN1_MAX_STRING_NEST | ||
| 1142 | /* This determines how many levels of recursion are permitted in ASN1 | ||
| 1143 | * string types. If it is not limited stack overflows can occur. If set | ||
| 1144 | * to zero no recursion is allowed at all. Although zero should be adequate | ||
| 1145 | * examples exist that require a value of 1. So 5 should be more than enough. | ||
| 1146 | */ | ||
| 1147 | #define ASN1_MAX_STRING_NEST 5 | ||
| 1148 | #endif | ||
| 1149 | |||
| 1150 | |||
| 1151 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | 1131 | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
| 1152 | char inf, int tag, int aclass, int depth) | 1132 | char inf, int tag, int aclass) |
| 1153 | { | 1133 | { |
| 1154 | const unsigned char *p, *q; | 1134 | const unsigned char *p, *q; |
| 1155 | long plen; | 1135 | long plen; |
| @@ -1191,15 +1171,13 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, | |||
| 1191 | /* If indefinite length constructed update max length */ | 1171 | /* If indefinite length constructed update max length */ |
| 1192 | if (cst) | 1172 | if (cst) |
| 1193 | { | 1173 | { |
| 1194 | if (depth >= ASN1_MAX_STRING_NEST) | 1174 | #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS |
| 1195 | { | 1175 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) |
| 1196 | ASN1err(ASN1_F_ASN1_COLLECT, | ||
| 1197 | ASN1_R_NESTED_ASN1_STRING); | ||
| 1198 | return 0; | ||
| 1199 | } | ||
| 1200 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, | ||
| 1201 | depth + 1)) | ||
| 1202 | return 0; | 1176 | return 0; |
| 1177 | #else | ||
| 1178 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); | ||
| 1179 | return 0; | ||
| 1180 | #endif | ||
| 1203 | } | 1181 | } |
| 1204 | else if (plen && !collect_data(buf, &p, plen)) | 1182 | else if (plen && !collect_data(buf, &p, plen)) |
| 1205 | return 0; | 1183 | return 0; |