From 936c5dd90eef8ce9436049c55b76386056708976 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sun, 24 Mar 2019 16:07:25 +0000
Subject: Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a
 max depth of 128 - For oss-fuzz issue 13802 ok jsing@

---
 src/lib/libcrypto/asn1/asn1_par.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index f4b39e81cd..21f92d298d 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_par.c,v 1.26 2018/11/09 04:11:06 tb Exp $ */
+/* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,6 +130,10 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
 	p = *pp;
 	tot = p + length;
 	op = p - 1;
+	if (depth > 128) {
+		BIO_printf(bp, "Max depth exceeded\n");
+		goto end;
+	}
 	while ((p < tot) && (op < p)) {
 		op = p;
 		j = ASN1_get_object(&p, &len, &tag, &xclass, length);
-- 
cgit v1.2.3-55-g6feb