openssl - Mirror of https://github.com/openssl/openssl

diff options

author	Dr. Stephen Henson <steve@openssl.org>	2015-11-10 19:03:07 +0000
committer	Richard Levitte <richard@levitte.org>	2015-12-02 21:40:20 +0100
commit	2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3 (patch)
tree	fc96f045f7adfd0ad63a3fba359f5b7e75d23242 /ssl
parent	e979e4715f3795cb59fcf46c77e7c714a184edd8 (diff)

Fix leak with ASN.1 combine.

When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levitte@openssl.org>

Diffstat (limited to 'ssl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: