projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e979e47) | patch
Fix leak with ASN.1 combine.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 10 Nov 2015 19:03:07 +0000 (19:03 +0000)
committerRichard Levitte <richard@levitte.org>
Wed, 2 Dec 2015 20:40:20 +0000 (21:40 +0100)
commit2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3
treefc96f045f7adfd0ad63a3fba359f5b7e75d23242tree | snapshot
parente979e4715f3795cb59fcf46c77e7c714a184edd8commit | diff
Fix leak with ASN.1 combine.

When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/asn1/tasn_dec.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.