From 398e99fe5e06edb11f55a39ce0883d9aa633ffa9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Jul 2014 00:57:57 +0100 Subject: [PATCH] ASN1 sanity check. Primitive encodings shouldn't use indefinite length constructed form. PR#2438 (partial). --- crypto/asn1/asn1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 74ca7d4fa3..f1360ed735 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, *pclass=xclass; if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + #if 0 fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), -- 2.25.1