diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-06-04 12:48:00 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-06-04 13:54:49 +0100 |
commit | bd95d64ace45ee4d895459f86efb551d8beaa302 (patch) | |
tree | 57979e50aff73527196202159fbf7533fe772e6d /crypto/asn1/tasn_dec.c | |
parent | f59d0131cb6fc224aee0a0a92de1f04cdebe97c8 (diff) |
Check for overflows in EOC.
RT#4474 (partial)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/asn1/tasn_dec.c')
-rw-r--r-- | crypto/asn1/tasn_dec.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 64bbe40d8f..aad838a083 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -14,6 +14,7 @@ #include <openssl/objects.h> #include <openssl/buffer.h> #include <openssl/err.h> +#include "internal/numbers.h" #include "asn1_locl.h" static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, @@ -895,7 +896,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int asn1_find_end(const unsigned char **in, long len, char inf) { - int expected_eoc; + uint32_t expected_eoc; long plen; const unsigned char *p = *in, *q; /* If not indefinite length constructed just add length */ @@ -925,10 +926,15 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); return 0; } - if (inf) + if (inf) { + if (expected_eoc == UINT32_MAX) { + ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); + return 0; + } expected_eoc++; - else + } else { p += plen; + } len -= p - q; } if (expected_eoc) { |