[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Sat Mar 4 22:17:03 UTC 2017
The branch master has been updated
via 8b0d4242404f9e5da26e7594fa0864b2df4601af (commit)
from 312e9387fddacbcef4148bd3ace25c7db89e374e (commit)
- Log -----------------------------------------------------------------
commit 8b0d4242404f9e5da26e7594fa0864b2df4601af
Author: Andy Polyakov <appro at openssl.org>
Date: Thu Mar 2 16:56:44 2017 +0100
apps/s_client.c: harden ldap_ExtendedResponse_parse.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/s_client.c b/apps/s_client.c
index b48c306..e180772 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3091,6 +3091,8 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
goto end;
}
+ rem = len; /* ensure that we don't overstep the SEQUENCE */
+
/* pull MessageID */
inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER ||
More information about the openssl-commits
mailing list