From 348be7ec60f7cce7503ba759a1a5a7591a648f1f Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mark@openssl.org>
Date: Thu, 28 Sep 2006 13:20:44 +0000
Subject: [PATCH] Fix ASN.1 parsing of certain invalid structures that can
 result in a denial of service.  (CVE-2006-2937)  [Steve Henson]

---
 CHANGES                | 3 +++
 crypto/asn1/tasn_dec.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 11988efbf9..6b26b19b1b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]
 
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
   *) Fix buffer overflow in SSL_get_shared_ciphers() function.
      (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
 
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index fe1bfd0a90..c32510ffda 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -832,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 		}
 	else if (ret == -1)
 		return -1;
+        ret = 0;
 	/* SEQUENCE, SET and "OTHER" are left in encoded form */
 	if ((utype == V_ASN1_SEQUENCE)
 		|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
-- 
2.34.1