Limit depth of ASN1 parse printing.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 3 Sep 2015 13:27:19 +0000 (14:27 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Nov 2015 15:30:40 +0000 (15:30 +0000)
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)

Conflicts:
crypto/asn1/asn1_par.c

crypto/asn1/asn1_par.c

index f6cd4b2b8caae68b97fe11bcb3c4f902472ddfba..4e8e25470f25f33fe4028ef8e7c23fedb1d9b434 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                            int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -128,6 +132,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
 #else
     dump_indent = 6;            /* Because we know BIO_dump_indent() */
 #endif
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+            BIO_puts(bp, "BAD RECURSION DEPTH\n");
+            goto end;
+    }
+
     p = *pp;
     tot = p + length;
     op = p - 1;