ASN1 sanity check.

Primitive encodings shouldn't use indefinite length constructed form. PR#2438 (partial).
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-02 00:57:57 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-07-02 00:59:26 +0100
commit: 398e99fe5e06edb11f55a39ce0883d9aa633ffa9 (patch)
tree: 9dda297273d91b80d9cb1e4e84875702ed7e6698
parent: a5ff18bf90a204f04c878d777db6a6b25d9f63a9 (diff)
download: openssl-new-398e99fe5e06edb11f55a39ce0883d9aa633ffa9.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 74ca7d4fa3..f1360ed735 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
 
+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
 		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-02 00:57:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-07-02 00:59:26 +0100
commit	398e99fe5e06edb11f55a39ce0883d9aa633ffa9 (patch)
tree	9dda297273d91b80d9cb1e4e84875702ed7e6698
parent	a5ff18bf90a204f04c878d777db6a6b25d9f63a9 (diff)
download	openssl-new-398e99fe5e06edb11f55a39ce0883d9aa633ffa9.tar.gz