Reject invalid constructed encodings.

According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d)

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 220a0c8c637e12e5aa96ffd403616b182280580a..89a2ad40991ff4f2ea6334320b3b43b48123fd35 100644 (file)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1378,6 +1378,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_TIME_NOT_ASCII_FORMAT                    193
 #define ASN1_R_TOO_LONG                                         155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED                     156
+#define ASN1_R_TYPE_NOT_PRIMITIVE                       218
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                         157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY                 158
 #define ASN1_R_UNEXPECTED_EOC                           159

diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index aa60203ba8085d763f0a0930c91737eeb5d25bbb..73686de8e7f6915b3ce4cb271e63ba9c18bce84e 100644 (file)
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -295,6 +295,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
 {ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE)   ,"type not primitive"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 87d7dfdf5c374dfed46b64f3d9b2c27dfcf72265..2cbfa814759601f5a912069898326b93a882dbe7 100644 (file)
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                }
        else if (cst)
                {
+               if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+                       || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+                       || utype == V_ASN1_ENUMERATED)
+                       {
+                       ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                               ASN1_R_TYPE_NOT_PRIMITIVE);
+                       return 0;
+                       }
                buf.length = 0;
                buf.max = 0;
                buf.data = NULL;