ASN1 sanity check.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 1 Jul 2014 23:57:57 +0000 (00:57 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 1 Jul 2014 23:59:26 +0000 (00:59 +0100)
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).

crypto/asn1/asn1_lib.c

index 74ca7d4..f1360ed 100644 (file)
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
        *pclass=xclass;
        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+       if (inf && !(ret & V_ASN1_CONSTRUCTED))
+               goto err;
+
 #if 0
        fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
                (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),