Commit 5db2a579 authored Aug 02, 2016 by Dr. Stephen Henson

Calculate sequence length properly.



Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).

This bug was discovered by Hanno Böck using libfuzzer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 436dead2)

parent c648bdcc

crypto/asn1/asn1_lib.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX c, long length)
		return (0);
		}
		if (c->inf == (1 \| V_ASN1_CONSTRUCTED))
		c->slen = length + (c->pp) - c->p;
		c->slen = *length;
		c->eos = 0;
		return (1);
		}