Calculate sequence length properly.

Use correct length in old ASN.1 indefinite length sequence decoder (only used by SSL_SESSION). This bug was discovered by Hanno Böck using libfuzzer. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 436dead2e2a157fa501a7538a77b6078391b477f)
author: Dr. Stephen Henson <steve@openssl.org> 2016-08-02 23:53:41 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-08-03 02:36:08 +0100
commit: 5db2a579b72b94aa0dacb08530768a1a5759237d (patch)
tree: 0e17220f2131ed2982189e07017a67ad5ad8ad6e
parent: c648bdcc4cd8a7d1699081d339ff33deda69a3be (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 8752654103..80f5f2b014 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
         return (0);
     }
     if (c->inf == (1 | V_ASN1_CONSTRUCTED))
-        c->slen = *length + *(c->pp) - c->p;
+        c->slen = *length;
     c->eos = 0;
     return (1);
 }
author	Dr. Stephen Henson <steve@openssl.org>	2016-08-02 23:53:41 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-08-03 02:36:08 +0100
commit	5db2a579b72b94aa0dacb08530768a1a5759237d (patch)
tree	0e17220f2131ed2982189e07017a67ad5ad8ad6e
parent	c648bdcc4cd8a7d1699081d339ff33deda69a3be (diff)