Skip to content
Commit b29ffa39 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Richard Levitte
Browse files

Fix leak with ASN.1 combine.



When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 005f4893
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment