From 348be7ec60f7cce7503ba759a1a5a7591a648f1f Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 28 Sep 2006 13:20:44 +0000 Subject: [PATCH] Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] --- CHANGES | 3 +++ crypto/asn1/tasn_dec.c | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 11988efbf9..6b26b19b1b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + *) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index fe1bfd0a90..c32510ffda 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -832,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } else if (ret == -1) return -1; + ret = 0; /* SEQUENCE, SET and "OTHER" are left in encoded form */ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) -- 2.25.1