generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update from stable branch.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2009-03-14 18:33:49 +00:00
parent e39acc1c90
commit 854a225a27
2 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -748,6 +748,10 @@
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
*) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures.
[Steve Henson]
*) Improve efficiency of mem_gets: don't search whole buffer each time *) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n' for a '\n'
[Jeremy Shapiro <jnshapir@us.ibm.com>] [Jeremy Shapiro <jnshapir@us.ibm.com>]

30
crypto/asn1/tasn_dec.c
View File

@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_find_end(const unsigned char **in, long len, char inf);
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
char inf, int tag, int aclass); char inf, int tag, int aclass, int depth);
static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
@ -882,7 +882,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
* internally irrespective of the type. So instead just check * internally irrespective of the type. So instead just check
* for UNIVERSAL class and ignore the tag. * for UNIVERSAL class and ignore the tag.
*/ */
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
{ {
free_cont = 1; free_cont = 1;
goto err; goto err;
@ -1132,8 +1132,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
* if it is indefinite length. * if it is indefinite length.
*/ */
#ifndef ASN1_MAX_STRING_NEST
/* This determines how many levels of recursion are permitted in ASN1
* string types. If it is not limited stack overflows can occur. If set
* to zero no recursion is allowed at all. Although zero should be adequate
* examples exist that require a value of 1. So 5 should be more than enough.
*/
#define ASN1_MAX_STRING_NEST 5
#endif
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
char inf, int tag, int aclass) char inf, int tag, int aclass, int depth)
{ {
const unsigned char *p, *q; const unsigned char *p, *q;
long plen; long plen;
@ -1175,13 +1185,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
/* If indefinite length constructed update max length */ /* If indefinite length constructed update max length */
if (cst) if (cst)
{ {
#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS if (depth >= ASN1_MAX_STRING_NEST)
if (!asn1_collect(buf, &p, plen, ininf, tag, aclass)) {
ASN1err(ASN1_F_ASN1_COLLECT,
ASN1_R_NESTED_ASN1_STRING);
return 0;
}
if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
depth + 1))
return 0; return 0;
#else
ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
return 0;
#endif
} }
else if (plen && !collect_data(buf, &p, plen)) else if (plen && !collect_data(buf, &p, plen))
return 0; return 0;