authorbeck <beck@openbsd.org>2019-03-24 16:07:25 +0000
committerbeck <beck@openbsd.org>2019-03-24 16:07:25 +0000
commita4d3691c34beea8e23aaf32d9b24e67eb10bf3d5 (patch)
tree3aa83bdcfba8bb22c7b356ee3cd0ff6cacac24d3
parentAdd a quirk for the Huawei Matebook X to activate the right-side (diff)
Don't allow asn1_parse2 to recurse arbitrarily deep. Constrain to a max
depth of 128 - For oss-fuzz issue 13802 ok jsing@
-rw-r--r--lib/libcrypto/asn1/asn1_par.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libcrypto/asn1/asn1_par.c b/lib/libcrypto/asn1/asn1_par.c
index f4b39e81cd1..21f92d298d7 100644
--- a/lib/libcrypto/asn1/asn1_par.c
+++ b/lib/libcrypto/asn1/asn1_par.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_par.c,v 1.26 2018/11/09 04:11:06 tb Exp $ */
+/* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -130,6 +130,10 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
p = *pp;
tot = p + length;
op = p - 1;
+ if (depth > 128) {
+ BIO_printf(bp, "Max depth exceeded\n");
+ goto end;
+ }
while ((p < tot) && (op < p)) {
op = p;
j = ASN1_get_object(&p, &len, &tag, &xclass, length);
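Review bot: The bound in `if (depth > 128) {` is a bare literal with no comment saying why it exists, and if the top-level call passes depth 0 (not visible here) it admits depths 0 through 128, one more level than the "max depth of 128" in the commit message. A named constant would make the limit auditable, for example `#define ASN1_PARSE_MAXDEPTH 128` near the top of the file with `if (depth > ASN1_PARSE_MAXDEPTH) {` here, plus a short comment that the check bounds recursion on nested constructed encodings from untrusted input; use `>=` if exactly 128 levels is intended. The `goto end` path returns whatever `ret` holds at that point, and both its declaration and the `end:` label lie outside this hunk. It is worth confirming that this is the failure value, so callers do not treat a truncated dump as a successful parse.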