[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sat Jun 4 12:55:34 UTC 2016
The branch master has been updated
via bd95d64ace45ee4d895459f86efb551d8beaa302 (commit)
from f59d0131cb6fc224aee0a0a92de1f04cdebe97c8 (commit)
- Log -----------------------------------------------------------------
commit bd95d64ace45ee4d895459f86efb551d8beaa302
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Jun 4 12:48:00 2016 +0100
Check for overflows in EOC.
RT#4474 (partial)
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/a_d2i_fp.c | 11 ++++++-----
crypto/asn1/tasn_dec.c | 12 +++++++++---
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index 9676ab7..e5c1d0e 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <limits.h>
#include "internal/cryptlib.h"
+#include "internal/numbers.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
@@ -97,7 +98,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
unsigned char *p;
int i;
size_t want = HEADER_SIZE;
- int eos = 0;
+ uint32_t eos = 0;
size_t off = 0;
size_t len = 0;
@@ -152,16 +153,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
if (inf & 1) {
/* no data body so go round again */
- eos++;
- if (eos < 0) {
+ if (eos == UINT32_MAX) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
goto err;
}
+ eos++;
want = HEADER_SIZE;
} else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
/* eos value, so go back and read another header */
eos--;
- if (eos <= 0)
+ if (eos == 0)
break;
else
want = HEADER_SIZE;
@@ -214,7 +215,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
goto err;
}
off += slen;
- if (eos <= 0) {
+ if (eos == 0) {
break;
} else
want = HEADER_SIZE;
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 64bbe40..aad838a 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -14,6 +14,7 @@
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
+#include "internal/numbers.h"
#include "asn1_locl.h"
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
@@ -895,7 +896,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
static int asn1_find_end(const unsigned char **in, long len, char inf)
{
- int expected_eoc;
+ uint32_t expected_eoc;
long plen;
const unsigned char *p = *in, *q;
/* If not indefinite length constructed just add length */
@@ -925,10 +926,15 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
- if (inf)
+ if (inf) {
+ if (expected_eoc == UINT32_MAX) {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
expected_eoc++;
- else
+ } else {
p += plen;
+ }
len -= p - q;
}
if (expected_eoc) {
More information about the openssl-commits
mailing list