Fix buffer overrun in ASN1_parse().
authorBen Laurie <ben@links.org>
Tue, 29 Mar 2016 18:37:57 +0000 (19:37 +0100)
committerBen Laurie <ben@links.org>
Wed, 30 Mar 2016 19:28:44 +0000 (20:28 +0100)
commit79c7f74d6cefd5d32fa20e69195ad3de834ce065
tree843eaf62c96f9adfcbbd633fac1f7f863b362539
parent087ca80ad83071dde0bb6bc1c28c743caa00eaf8
Fix buffer overrun in ASN1_parse().

Fix buffer overrun in asn1_get_length().

Reproducer: asn1parse-reproduce crash-6bfd417f47bc940f6984f5e639b637fd4e6074bc

Fix length calculations.

Reproducer: asn1parse-reproduce crash-1819d0e54cd2b0430626c59053e6077ef04c2ffb
Reproducer: asn1parse-reproduce crash-9969db8603e644ddc0ba3459b51eac7a2c4b729b

Make i long.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/asn1/asn1_lib.c
crypto/asn1/asn1_par.c