Skip to content
Commit bdcd660e authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Bugfix: in asn1parse avoid erroneous len after a sub-sequence

Introduced in:

    commit 79c7f74d
    Author: Ben Laurie <ben@links.org>
    Date:   Tue Mar 29 19:37:57 2016 +0100

    Fix buffer overrun in ASN1_parse().

Problem input:

    https://tools.ietf.org/html/draft-ietf-curdle-pkix-eddsa-00#section-8.1


    -----BEGIN PUBLIC KEY-----
    MC0wCAYDK2VkCgECAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
    -----END PUBLIC KEY-----

Previously:

        0:d=0  hl=2 l=  45 cons: SEQUENCE
        2:d=1  hl=2 l=   8 cons: SEQUENCE
        4:d=2  hl=2 l=   3 prim: OBJECT            :1.3.101.100
        9:d=2  hl=2 l=   1 prim: ENUMERATED        :02
    Error in encoding
    140735164989440:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:148:

Now:

    0:d=0  hl=2 l=  45 cons: SEQUENCE
    2:d=1  hl=2 l=   8 cons: SEQUENCE
    4:d=2  hl=2 l=   3 prim: OBJECT            :1.3.101.100
    9:d=2  hl=2 l=   1 prim: ENUMERATED        :02
   12:d=1  hl=2 l=  33 prim: BIT STRING
      0000 - 00 19 bf 44 09 69 84 cd-fe 85 41 ba c1 67 dc 3b   ...D.i....A..g.;
      0010 - 96 c8 50 86 aa 30 b6 b6-cb 0c 5c 38 ad 70 31 66   ..P..0....\8.p1f
      0020 - e1                                                .

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 5968d11a
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment