diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-09-03 14:27:19 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-11-24 15:31:05 +0000 |
commit | a8731c0cb819302b1b790463fdb86d3af998a283 (patch) | |
tree | 9f83117920e93ac28d4f3bc43212d3d0f017e4ed | |
parent | 31172717e8324fbb01e1b3e65db6f5d48d7e352e (diff) | |
download | openssl-new-a8731c0cb819302b1b790463fdb86d3af998a283.tar.gz |
Limit depth of ASN1 parse printing.
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)
Conflicts:
crypto/asn1/asn1_par.c
-rw-r--r-- | crypto/asn1/asn1_par.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index e15e341ad8..8120f26ded 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -62,6 +62,10 @@ #include <openssl/objects.h> #include <openssl/asn1.h> +#ifndef ASN1_PARSE_MAXDEPTH +#define ASN1_PARSE_MAXDEPTH 128 +#endif + static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent); static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, @@ -134,6 +138,12 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif + + if (depth > ASN1_PARSE_MAXDEPTH) { + BIO_puts(bp, "BAD RECURSION DEPTH\n"); + goto end; + } + p = *pp; tot = p + length; op = p - 1; |