From b6f66ef7a475c9fa45a9b91e4b9e9f0a5b40ec6e Mon Sep 17 00:00:00 2001 From: miod <> Date: Fri, 11 Jul 2014 14:49:12 +0000 Subject: In ASN1_get_object(), reject primitive encodings using the indefinite length constructed form. OpenSSL PR #2438 via OpenSSL trunk --- src/lib/libcrypto/asn1/asn1_lib.c | 5 ++++- src/lib/libssl/src/crypto/asn1/asn1_lib.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c index d851339753..2b952abae6 100644 --- a/src/lib/libcrypto/asn1/asn1_lib.c +++ b/src/lib/libcrypto/asn1/asn1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */ +/* $OpenBSD: asn1_lib.c,v 1.32 2014/07/11 14:49:12 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,6 +137,9 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, if (!asn1_get_length(&p, &inf, plength, (int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p, *plength, omax, (int)*pp, (int)(p+ *plength), diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index d851339753..2b952abae6 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */ +/* $OpenBSD: asn1_lib.c,v 1.32 2014/07/11 14:49:12 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,6 +137,9 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, if (!asn1_get_length(&p, &inf, plength, (int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p, *plength, omax, (int)*pp, (int)(p+ *plength), -- cgit v1.2.3-55-g6feb