Limit ASN.1 constructed types recursive definition depth
author Matt Caswell <matt@openssl.org>
Thu, 22 Mar 2018 10:05:40 +0000 (10:05 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 26 Mar 2018 14:38:38 +0000 (15:38 +0100)
commit 9310d45087ae546e27e61ddf8f6367f29848220d
tree ed625a315f6f9c3915a288c4df51210acbff090f
parent 3ffc95b1a9d14d8833f6f116a0afe0fb83eeaa17
Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/tasn_dec.c
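
The depth limit described in the commit message, shown on a minimal recursive DER walker. This is an added example, not OpenSSL's code from this commit; `walk_der`, `build_nested` and the `MAX_NEST_DEPTH` value of 30 are hypothetical names and values chosen for the illustration, and the sample input is constructed.

```c
#include <stddef.h>
#define MAX_NEST_DEPTH 30 /* hypothetical limit chosen for this example */

/* Walk the DER TLVs in buf[0..len). Returns the deepest constructed nesting
 * seen, or -1 on malformed input or nesting beyond MAX_NEST_DEPTH. */
static int walk_der(const unsigned char *buf, size_t len, int depth)
{
    int deepest = depth;
    if (depth > MAX_NEST_DEPTH) return -1;   /* refuse before recursing further */
    while (len > 0) {
        size_t hdr = 2, clen, i, n;
        /* truncated header, or multi-byte tag (not handled here) */
        if (len < 2 || (buf[0] & 0x1f) == 0x1f) return -1;
        clen = buf[1];
        if (clen & 0x80) {                   /* long-form length */
            n = clen & 0x7f;
            /* indefinite length is not DER; cap the length-of-length */
            if (n == 0 || n > 4 || n > len - 2) return -1;
            for (clen = 0, i = 0; i < n; i++)
                clen = (clen << 8) | buf[2 + i];
            hdr += n;
        }
        if (clen > len - hdr) return -1;     /* content runs past the buffer */
        if (buf[0] & 0x20) {                 /* constructed: contents are TLVs */
            int d = walk_der(buf + hdr, clen, depth + 1);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
        }
        buf += hdr + clen;
        len -= hdr + clen;
    }
    return deepest;
}

/* Constructed sample input: `levels` nested empty SEQUENCEs (tag 0x30). */
static size_t build_nested(unsigned char *out, size_t cap, unsigned levels)
{
    size_t total = 2 * (size_t)levels, i;
    if (levels == 0 || levels > 64 || total > cap) return 0;
    for (i = 0; i < levels; i++) {
        out[2 * i] = 0x30;
        out[2 * i + 1] = (unsigned char)(total - 2 * (i + 1));
    }
    return total;
}

int main(void)
{
    unsigned char buf[128];  /* exit status 0 when 31 levels are rejected */
    return walk_der(buf, build_nested(buf, sizeof buf, 31), 0) == -1 ? 0 : 1;
}
```

Without the depth check, the recursion depth of such a walker is set entirely by the input, which is the stack-exhaustion condition the commit message names.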