[openssl-users] Max size on ASN1_item_d2i_bio()?

Nathaniel McCallum npmccallum at redhat.com
Fri Feb 20 16:13:37 UTC 2015

I'd like to use ASN1_item_d2i_bio() (or something similar) to parse an 
incoming message. However, given that types like ASN1_OCTET_STRING 
have (essentially) unbounded length, how do I prevent an attacker from 
DOS'ing via OOM?

Is there some way to set a max packet size?


More information about the openssl-users mailing list