Skip to content
Commit 4cabbb9f authored by Matt Caswell's avatar Matt Caswell
Browse files

Limit ASN.1 constructed types recursive definition depth



Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent faec5c4a
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment