authorSimon L. B. Nielsen <simon@FreeBSD.org>2010-04-01 15:19:51 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2010-04-01 15:19:51 +0000
commitab8565e2671f6e9101b4b855b9614c95f0810eb6 (patch)
tree9b9ed316e70ff8c7ea71526ab69ab131960e8b72 /crypto/openssl/crypto/asn1
parent094f117522350e3fddf5cdb671d3829999604765 (diff)
parent0cedaa6c89235ed396068f2ebf546c9a909439e1 (diff)
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.

I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.

Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
Notes
Notes: svn path=/head/; revision=206046
Diffstat (limited to 'crypto/openssl/crypto/asn1')
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index d169f8c14736..365e4673a95c 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -291,12 +291,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ASN1_OBJECT *ret=NULL;
const unsigned char *p;
int i;
- /* Sanity check OID encoding: can't have 0x80 in subidentifiers, see:
- * X.690 8.19.2
+ /* Sanity check OID encoding: can't have leading 0x80 in
+ * subidentifiers, see: X.690 8.19.2
*/
for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
{
- if (*p == 0x80)
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
{
ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
return NULL;
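Review bot: The loop header `for (i = 0, p = *pp + 1; i < len - 1; i++, p++)` starts at the second content octet, so the new `!i` test treats that octet as the start of a subidentifier without ever looking at `(*pp)[0]`. Two consequences follow from the visible lines: a 0x80 in the first octet is never examined, and a 0x80 in the second octet is rejected even when the first octet has its continuation bit set and the byte is a legitimate continuation octet. Starting at the first octet, `for (i = 0, p = *pp; i < len; i++, p++)`, makes the check cover every subidentifier and keeps `p[-1]` in bounds because `!i` short-circuits on the first iteration. The hunk also shows no check that `len` is positive or that the final octet has its high bit clear; the rest of c2i_ASN1_OBJECT lies outside the hunk, so that may be handled there.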