From b76881306f907ca5f941dc6b06671d3450dd76d1 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Fri, 11 Jul 2014 14:22:55 +0000
Subject: In asn1_get_length(), tolerate leading zeroes in BER encoding.
 OpenSSL PR #2746 via OpenSSL trunk

---
 src/lib/libcrypto/asn1/asn1_lib.c         | 13 ++++++++-----
 src/lib/libssl/src/crypto/asn1/asn1_lib.c | 13 ++++++++-----
 2 files changed, 16 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index b5f3f78b94..d851339753 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.30 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -174,15 +174,18 @@ asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
 		*inf = 0;
 		i= *p & 0x7f;
 		if (*(p++) & 0x80) {
+			if (max < (int)i)
+				return (0);
+			/* skip leading zeroes */
+			while (i && *p == 0) {
+				p++;
+				i--;
+			}
 			if (i > sizeof(long))
 				return 0;
-			if (max-- == 0)
-				return (0);
 			while (i-- > 0) {
 				ret <<= 8L;
 				ret |= *(p++);
-				if (max-- == 0)
-					return (0);
 			}
 		} else
 			ret = i;
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index b5f3f78b94..d851339753 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.30 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -174,15 +174,18 @@ asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
 		*inf = 0;
 		i= *p & 0x7f;
 		if (*(p++) & 0x80) {
+			if (max < (int)i)
+				return (0);
+			/* skip leading zeroes */
+			while (i && *p == 0) {
+				p++;
+				i--;
+			}
 			if (i > sizeof(long))
 				return 0;
-			if (max-- == 0)
-				return (0);
 			while (i-- > 0) {
 				ret <<= 8L;
 				ret |= *(p++);
-				if (max-- == 0)
-					return (0);
 			}
 		} else
 			ret = i;
-- 
cgit v1.2.3-55-g6feb