[openssl-commits] [openssl] OpenSSL source code branch master updated. 5a1e8c67a90aead86ccc2dda324e8f897d1a044d

Kurt Roeckx kurt at openssl.org
Thu Dec 18 14:04:38 UTC 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  5a1e8c67a90aead86ccc2dda324e8f897d1a044d (commit)
      from  040b60f6fa50de325ecace8a6a06e02485942d94 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5a1e8c67a90aead86ccc2dda324e8f897d1a044d
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Mon Dec 15 17:15:16 2014 +0100

    Return error when a bit string indicates an invalid amount of bits left
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/a_bitstr.c |    7 ++++++-
 crypto/asn1/asn1.h     |    1 +
 crypto/asn1/asn1_err.c |    1 +
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 0cb899f..4ca4a56 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 
 	p= *pp;
 	i= *(p++);
+	if (i > 7)
+		{
+		i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+		goto err;
+		}
 	/* We do this to preserve the settings.  If we modify
 	 * the settings, via the _set_bit function, we will recalculate
 	 * on output */
 	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
 
 	if (len-- > 1) /* using one because of the bits left byte */
 		{
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index ed1a28a..37adcb3 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1350,6 +1350,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_ILLEGAL_TIME_VALUE			 184
 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220
 #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
 #define ASN1_R_INVALID_DIGIT				 130
 #define ASN1_R_INVALID_MIME_TYPE			 205
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 0217049..6eb47f7 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -249,6 +249,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},


hooks/post-receive
-- 
OpenSSL source code

More information about the openssl-commits mailing list