Fix a crash in the asn1parse command

Thanks to Sem Voigtländer for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5826)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-03-31 21:09:32 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-03 16:02:16 +0200
commit: 752837e0664e990b5edf6f0b69e1b4612efadce0 (patch)
tree: d7ebf3e4322310729e2033e7e9a7b4b6f0d66fce /apps
parent: Use gnu_printf format attribute to minimise MinGW warnings (diff)
download: openssl-752837e0664e990b5edf6f0b69e1b4612efadce0.tar.xz
openssl-752837e0664e990b5edf6f0b69e1b4612efadce0.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index a391e0a6d7..89069439a8 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -226,7 +226,7 @@ int asn1parse_main(int argc, char **argv)
             ASN1_TYPE *atmp;
             int typ;
             j = atoi(sk_OPENSSL_STRING_value(osk, i));
-            if (j == 0) {
+            if (j <= 0 || j >= tmplen) {
                 BIO_printf(bio_err, "'%s' is an invalid number\n",
                            sk_OPENSSL_STRING_value(osk, i));
                 continue;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-03-31 21:09:32 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-03 16:02:16 +0200
commit	752837e0664e990b5edf6f0b69e1b4612efadce0 (patch)
tree	d7ebf3e4322310729e2033e7e9a7b4b6f0d66fce /apps
parent	Use gnu_printf format attribute to minimise MinGW warnings (diff)
download	openssl-752837e0664e990b5edf6f0b69e1b4612efadce0.tar.xz openssl-752837e0664e990b5edf6f0b69e1b4612efadce0.zip