From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 1 Jul 2014 23:57:57 +0000 (+0100)
Subject: ASN1 sanity check.
X-Git-Tag: OpenSSL_0_9_8zb~42
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=00e86a74bd207f046dde8d9fdc9fb8f236104509;p=oweals%2Fopenssl.git

ASN1 sanity check.

Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e06edb11f55a39ce0883d9aa633ffa9)
---

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 5af559ef8d..d34515577e 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
 		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),