diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-04-15 02:37:09 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-03 13:06:15 +0100 |
commit | d7ab691bc479d3cf2eea07329db6ce0e2589f0b9 (patch) | |
tree | ad78427ab9613eaf07a1e4d48e5680cc9b2dc81c /crypto/asn1/a_type.c | |
parent | d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (diff) |
Fix ASN1_INTEGER handling.
Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.
This was found using libFuzzer.
RT#4364 (part)CVE-2016-2108.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'crypto/asn1/a_type.c')
-rw-r--r-- | crypto/asn1/a_type.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 8dea2e0e5c..e132b0c40a 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -122,9 +122,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) result = 0; /* They do not have content. */ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: |