From: Dr. Stephen Henson Date: Tue, 2 Aug 2016 22:53:41 +0000 (+0100) Subject: Calculate sequence length properly. X-Git-Tag: OpenSSL_1_0_2i~95 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=436dead2e2a157fa501a7538a77b6078391b477f;p=oweals%2Fopenssl.git Calculate sequence length properly. Use correct length in old ASN.1 indefinite length sequence decoder (only used by SSL_SESSION). This bug was discovered by Hanno Böck using libfuzzer. Reviewed-by: Rich Salz --- diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 8752654103..80f5f2b014 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length) return (0); } if (c->inf == (1 | V_ASN1_CONSTRUCTED)) - c->slen = *length + *(c->pp) - c->p; + c->slen = *length; c->eos = 0; return (1); }