ASN1 sanity check.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 1 Jul 2014 23:57:57 +0000 (00:57 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 2 Jul 2014 00:00:18 +0000 (01:00 +0100)
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e06edb11f55a39ce0883d9aa633ffa9)

crypto/asn1/asn1_lib.c

index 1bcb44aee203637ec70a60fe616588696bac32ac..fa04b08ed6e4bb631960753874d1fb7a8ce3e564 100644 (file)
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
        *pclass=xclass;
        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+       if (inf && !(ret & V_ASN1_CONSTRUCTED))
+               goto err;
+
 #if 0
        fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
                (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),