[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Aug 3 01:38:16 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 436dead2e2a157fa501a7538a77b6078391b477f (commit)
from 134ab5139a8d41455a81d9fcc31b3edb8a4b2f5c (commit)
- Log -----------------------------------------------------------------
commit 436dead2e2a157fa501a7538a77b6078391b477f
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 2 23:53:41 2016 +0100
Calculate sequence length properly.
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).
This bug was discovered by Hanno Böck using libfuzzer.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 8752654..80f5f2b 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
return (0);
}
if (c->inf == (1 | V_ASN1_CONSTRUCTED))
- c->slen = *length + *(c->pp) - c->p;
+ c->slen = *length;
c->eos = 0;
return (1);
}
More information about the openssl-commits
mailing list