[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Aug 3 01:39:38 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via 5db2a579b72b94aa0dacb08530768a1a5759237d (commit)
from c648bdcc4cd8a7d1699081d339ff33deda69a3be (commit)
- Log -----------------------------------------------------------------
commit 5db2a579b72b94aa0dacb08530768a1a5759237d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Aug 2 23:53:41 2016 +0100
Calculate sequence length properly.
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).
This bug was discovered by Hanno Böck using libfuzzer.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 436dead2e2a157fa501a7538a77b6078391b477f)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 8752654..80f5f2b 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -328,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
return (0);
}
if (c->inf == (1 | V_ASN1_CONSTRUCTED))
- c->slen = *length + *(c->pp) - c->p;
+ c->slen = *length;
c->eos = 0;
return (1);
}
More information about the openssl-commits
mailing list