Commit 348be7ec authored Sep 28, 2006 by Mark J. Cox

Fix ASN.1 parsing of certain invalid structures that can result

in a denial of service.  (CVE-2006-2937)  [Steve Henson]

parent 3ff55e96

CHANGES

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -4,6 +4,9 @@

	Changes between 0.9.8d and 0.9.9 [xx XXX xxxx]		Changes between 0.9.8d and 0.9.9 [xx XXX xxxx]

			*) Fix ASN.1 parsing of certain invalid structures that can result
			in a denial of service. (CVE-2006-2937) [Steve Henson]

	*) Fix buffer overflow in SSL_get_shared_ciphers() function.		*) Fix buffer overflow in SSL_get_shared_ciphers() function.
	(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]		(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

crypto/asn1/tasn_dec.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -832,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
	}		}
	else if (ret == -1)		else if (ret == -1)
	return -1;		return -1;
			ret = 0;
	/* SEQUENCE, SET and "OTHER" are left in encoded form */		/* SEQUENCE, SET and "OTHER" are left in encoded form */
	if ((utype == V_ASN1_SEQUENCE)		if ((utype == V_ASN1_SEQUENCE)
	\|\| (utype == V_ASN1_SET) \|\| (utype == V_ASN1_OTHER))		\|\| (utype == V_ASN1_SET) \|\| (utype == V_ASN1_OTHER))