[openssl-commits] [openssl] OpenSSL_0_9_8-stable update

[Dr. Stephen Henson]

The branch OpenSSL_0_9_8-stable has been updated
       via  a8731c0cb819302b1b790463fdb86d3af998a283 (commit)
      from  31172717e8324fbb01e1b3e65db6f5d48d7e352e (commit)


- Log -----------------------------------------------------------------
commit a8731c0cb819302b1b790463fdb86d3af998a283
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Sep 3 14:27:19 2015 +0100

    Limit depth of ASN1 parse printing.
    
    Thanks to Guido Vranken <guidovranken at gmail.com> for reporting this issue.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)
    
    Conflicts:
    	crypto/asn1/asn1_par.c

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/asn1_par.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index e15e341..8120f26 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -62,6 +62,10 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                            int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -134,6 +138,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
 #else
     dump_indent = 6;            /* Because we know BIO_dump_indent() */
 #endif
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+            BIO_puts(bp, "BAD RECURSION DEPTH\n");
+            goto end;
+    }
+
     p = *pp;
     tot = p + length;
     op = p - 1;