diff options
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | crypto/asn1/tasn_dec.c | 1 |
2 files changed, 4 insertions, 0 deletions
@@ -4,6 +4,9 @@ Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index fe1bfd0a90..c32510ffda 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -832,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } else if (ret == -1) return -1; + ret = 0; /* SEQUENCE, SET and "OTHER" are left in encoded form */ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) |