Bugfix: in asn1parse avoid erroneous len after a sub-sequence
Introduced in: commit 79c7f74d Author: Ben Laurie <ben@links.org> Date: Tue Mar 29 19:37:57 2016 +0100 Fix buffer overrun in ASN1_parse(). Problem input: https://tools.ietf.org/html/draft-ietf-curdle-pkix-eddsa-00#section-8.1 -----BEGIN PUBLIC KEY----- MC0wCAYDK2VkCgECAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= -----END PUBLIC KEY----- Previously: 0:d=0 hl=2 l= 45 cons: SEQUENCE 2:d=1 hl=2 l= 8 cons: SEQUENCE 4:d=2 hl=2 l= 3 prim: OBJECT :1.3.101.100 9:d=2 hl=2 l= 1 prim: ENUMERATED :02 Error in encoding 140735164989440:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../openssl/crypto/asn1/asn1_lib.c:148: Now: 0:d=0 hl=2 l= 45 cons: SEQUENCE 2:d=1 hl=2 l= 8 cons: SEQUENCE 4:d=2 hl=2 l= 3 prim: OBJECT :1.3.101.100 9:d=2 hl=2 l= 1 prim: ENUMERATED :02 12:d=1 hl=2 l= 33 prim: BIT STRING 0000 - 00 19 bf 44 09 69 84 cd-fe 85 41 ba c1 67 dc 3b ...D.i....A..g.; 0010 - 96 c8 50 86 aa 30 b6 b6-cb 0c 5c 38 ad 70 31 66 ..P..0....\8.p1f 0020 - e1 . Reviewed-by: Richard Levitte <levitte@openssl.org>
parent
5968d11a
Please register or sign in to comment