diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-11-10 19:03:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-12-03 14:32:05 +0000 |
commit | cc598f321fbac9c04da5766243ed55d55948637d (patch) | |
tree | bff3dba6e776736ce5576cb6dc6535601ad269db /crypto/bn | |
parent | fb4f46763fed3c600db21974577061b611b6fa46 (diff) |
Fix leak with ASN.1 combine.
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures.
CVE-2015-3195.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
PR#4131
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/bn')
0 files changed, 0 insertions, 0 deletions