[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Tue Apr 3 14:06:05 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  477e40b48c5a2d5f9ba597cea2f2e2eb77e9347a (commit)
      from  6a285edd520f9508efb76f30aff9812ce7115fa8 (commit)


- Log -----------------------------------------------------------------
commit 477e40b48c5a2d5f9ba597cea2f2e2eb77e9347a
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sat Mar 31 21:09:32 2018 +0200

    Fix a crash in the asn1parse command
    
    Thanks to Sem Voigtländer for reporting this issue.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/5826)
    
    (cherry picked from commit 752837e0664e990b5edf6f0b69e1b4612efadce0)

-----------------------------------------------------------------------

Summary of changes:
 apps/asn1pars.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 0a6b990..55ecd7c 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
             ASN1_TYPE *atmp;
             int typ;
             j = atoi(sk_OPENSSL_STRING_value(osk, i));
-            if (j == 0) {
+            if (j <= 0 || j >= tmplen) {
                 BIO_printf(bio_err, "'%s' is an invalid number\n",
                            sk_OPENSSL_STRING_value(osk, i));
                 continue;


More information about the openssl-commits mailing list