[openssl-dev] [openssl.org #4364] [PATCH] ASN1_get_object should not accept large universal tags.
David Benjamin via RT
rt at openssl.org
Tue Mar 1 20:05:45 UTC 2016
See attached. OpenSSL can't actually represent large universal tags because
it collides with the V_ASN1_NEG flag, yet it happily parses them in high
tag number form. d2i_ASN1_TYPE interprets 1f82020100 as a negative zero,
rather than an element with tag [UNIVERSAL 258].
I've intentionally made the patch very conservative, so it only limits
universal tags, in case there is worry about someone actually using tag
number 258 of another class. (Although I've never seen anything go beyond
31 into high tag number form at all.)
Our version of the change has a test:
https://boringssl.googlesource.com/boringssl/+/fb2c6f8c8565e1e2d85c24408050c96521acbcdc%5E%21/
It should be straight-forward to adapt (the test barely does anything). I'm
not sure how adding a test in OpenSSL works these days, so I leave that to
you.
David
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4364
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ASN1_get_object-should-not-accept-large-universal-ta.patch
Type: text/x-patch
Size: 1781 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160301/de16e9c5/attachment-0001.bin>
More information about the openssl-dev
mailing list