Calculate sequence length properly.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 2 Aug 2016 22:53:41 +0000 (23:53 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 2 Aug 2016 23:13:03 +0000 (00:13 +0100)
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).

This bug was discovered by Hanno Böck using libfuzzer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/asn1/asn1_lib.c

index 87526541035c6bf6a60b92a0b4aeeacb9c82ca43..80f5f2b014947472c75574a4e93e9f0bbf931ed8 100644 (file)
@@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
         return (0);
     }
     if (c->inf == (1 | V_ASN1_CONSTRUCTED))
-        c->slen = *length + *(c->pp) - c->p;
+        c->slen = *length;
     c->eos = 0;
     return (1);
 }