Skip to content
Commit 9310d450 authored by Matt Caswell's avatar Matt Caswell
Browse files

Limit ASN.1 constructed types recursive definition depth



Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 3ffc95b1
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment