From 7bdeeb64ac00caacfa476ac73bec52bea0aade34 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 30 Apr 2005 18:02:54 +0000
Subject: [PATCH] Don't attempt to parse nested ASN1 strings by default.
---
 crypto/asn1/asn1.h | 1 +
 crypto/asn1/asn1_err.c | 1 +
 crypto/asn1/tasn_dec.c | 9 +++++++--
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index b8d69de450..a64861c045 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1171,6 +1171,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_MISSING_VALUE 189
 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139
 #define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 197
 #define ASN1_R_NON_HEX_CHARACTERS 141
 #define ASN1_R_NOT_ASCII_FORMAT 190
 #define ASN1_R_NOT_ENOUGH_DATA 142
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index d236a9fd4b..8722281cd9 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -227,6 +227,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
 {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
 {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 39a9d5a9aa..ed79535e66 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -1075,7 +1075,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
 expected_eoc = 1;
 /* Indefinite length constructed form. Find the end when enough EOCs
 * are found. If more indefinite length constructed headers
- * are encountered increment the expected eoc count otherwise just
+ * are encountered increment the expected eoc count otherwise justi
 * skip to the end of the data.
 */
 while (len > 0)
@@ -1159,8 +1159,13 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
 /* If indefinite length constructed update max length */
 if (cst)
 {
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
 if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
 return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
 }
 else if (!collect_data(buf, &p, plen))
 return 0;
--
2.34.1
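Review bot: The only change in the asn1_find_end hunk turns `just` into `justi` inside the comment above the `while (len > 0)` loop, which reads like a stray keystroke rather than an intended edit. The line should stay as `* are encountered increment the expected eoc count otherwise just`, which would drop this hunk from the commit and keep the patch limited to the nested-string change. asn1_find_end's body starts and ends outside the hunk.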
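Review bot: With `OPENSSL_ALLOW_NESTED_ASN1_STRINGS` defined, the recursive `asn1_collect(buf, &p, plen, ininf, tag, aclass)` call in the `if (cst)` branch has no depth bound visible in this hunk, so an opt-in build presumably keeps whatever exposure to deeply nested constructed strings in untrusted input led to the default rejection. A nesting counter passed down through the recursion and checked against a small fixed limit, failing with the same `ASN1_R_NESTED_ASN1_STRING` reason, would make the opt-in path safe to enable instead of all-or-nothing. Neither the macro nor the reason for the default is documented. A comment above the `#ifdef`, such as `/* Nested constructed strings recurse on attacker-supplied encodings; rejected unless explicitly enabled at build time */`, would tell maintainers why the branch is compiled out. asn1_collect's body starts and ends outside the hunk, so a bound elsewhere in the function cannot be ruled out from here.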