author Matt Caswell <matt@openssl.org> 2018-03-22 09:39:53 +0000
committer Matt Caswell <matt@openssl.org> 2018-03-27 10:23:34 +0100
commit 2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33 (patch)
tree 0e69c6d2738c34c03744560beddf5b15ec73585b /include
parent d8278dac47996a442a480958702d913f2eff7b93 (diff)
Limit ASN.1 constructed types recursive definition depth
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- include/openssl/asn1.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 35637ccbdb..7e8788ff98 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1051,6 +1051,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197
+# define ASN1_R_NESTED_TOO_DEEP 201
# define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
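Review bot: ASN1_R_NESTED_TOO_DEEP on the added line comes with no comment saying which decoder path raises it or what depth triggers it, and because this view is limited to include/, neither the limit itself nor the matching reason-string entry is visible here. Please confirm that the new code is registered in the ASN.1 error string table, so callers see a readable reason rather than a bare number, and that 201 does not collide with an existing ASN1_R_ value. The neighbouring defines are ordered by name rather than by number (139, 140, 197, 141), so a clash would not stand out from the surrounding lines.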