Reject invalid constructed encodings.

[openssl.git] / crypto / asn1 / tasn_dec.c

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 87d7dfdf5c374dfed46b64f3d9b2c27dfcf72265..2cbfa814759601f5a912069898326b93a882dbe7 100644 (file)
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                }
        else if (cst)
                {
+               if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+                       || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+                       || utype == V_ASN1_ENUMERATED)
+                       {
+                       ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                               ASN1_R_TYPE_NOT_PRIMITIVE);
+                       return 0;
+                       }
                buf.length = 0;
                buf.max = 0;
                buf.data = NULL;