diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:25:26 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:25:26 +0000 |
| commit | 145e3a85931a836f8dccec73e02594f7255abcfd (patch) | |
| tree | 03b95bb4075b5bfadd5b0dabf3c4233035d6b774 /crypto/asn1 | |
| parent | d7a2d00e5375699d95f3720a7b779ded3c805b5f (diff) | |
| download | src-vendor/openssl-0.9.8.tar.gz src-vendor/openssl-0.9.8.zip | |
Import OpenSSL 0.9.8zh.vendor/openssl/0.9.8zhvendor/openssl-0.9.8
Notes
Notes:
svn path=/vendor-crypto/openssl/dist-0.9.8/; revision=291711
svn path=/vendor-crypto/openssl/0.9.8zh/; revision=291712; tag=vendor/openssl/0.9.8zh
Diffstat (limited to 'crypto/asn1')
| -rw-r--r-- | crypto/asn1/asn1_par.c | 10 | ||||
| -rw-r--r-- | crypto/asn1/tasn_dec.c | 7 |
2 files changed, 15 insertions, 2 deletions
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index e15e341ad8d2..e16483dea57f 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -62,6 +62,10 @@ #include <openssl/objects.h> #include <openssl/asn1.h> +#ifndef ASN1_PARSE_MAXDEPTH +#define ASN1_PARSE_MAXDEPTH 128 +#endif + static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent); static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, @@ -134,6 +138,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif + + if (depth > ASN1_PARSE_MAXDEPTH) { + BIO_puts(bp, "BAD RECURSION DEPTH\n"); + return 0; + } + p = *pp; tot = p + length; op = p - 1; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 6e4a3252d078..91e769811337 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -178,6 +178,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -498,7 +500,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -687,7 +690,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; |