In ASN1_get_object(), reject primitive encodings using the indefinite length

constructed form. OpenSSL PR #2438 via OpenSSL trunk

2 files changed, 8 insertions, 2 deletions

diff --git a/lib/libcrypto/asn1/asn1_lib.c b/lib/libcrypto/asn1/asn1_lib.c
index d851339753e..2b952abae6a 100644
--- a/lib/libcrypto/asn1/asn1_lib.c
+++ b/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.32 2014/07/11 14:49:12 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -137,6 +137,9 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	if (!asn1_get_length(&p, &inf, plength, (int)max))
 		goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
 	    (int)p, *plength, omax, (int)*pp, (int)(p+ *plength),
diff --git a/lib/libssl/src/crypto/asn1/asn1_lib.c b/lib/libssl/src/crypto/asn1/asn1_lib.c
index d851339753e..2b952abae6a 100644
--- a/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.31 2014/07/11 14:22:55 miod Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.32 2014/07/11 14:49:12 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -137,6 +137,9 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	if (!asn1_get_length(&p, &inf, plength, (int)max))
 		goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
 	    (int)p, *plength, omax, (int)*pp, (int)(p+ *plength),