Skip to content
Commit f3277408 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Harden ASN.1 BIO handling of large amounts of data.



If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
(cherry picked from commit c6298139)
parent 9676402c
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment