summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2005-04-30 20:02:54 +0200
committerDr. Stephen Henson <steve@openssl.org>2005-04-30 20:02:54 +0200
commit7bdeeb64ac00caacfa476ac73bec52bea0aade34 (patch)
tree9605330f9bb0093c909db20c46404befd63f7950 /crypto
parentSome true positives fixed, toss some false positives. (diff)
downloadopenssl-7bdeeb64ac00caacfa476ac73bec52bea0aade34.tar.xz
openssl-7bdeeb64ac00caacfa476ac73bec52bea0aade34.zip
Don't attempt to parse nested ASN1 strings by default.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/asn1.h1
-rw-r--r--crypto/asn1/asn1_err.c1
-rw-r--r--crypto/asn1/tasn_dec.c9
3 files changed, 9 insertions, 2 deletions
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index b8d69de450..a64861c045 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1171,6 +1171,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_MISSING_VALUE 189
#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
#define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 197
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ASCII_FORMAT 190
#define ASN1_R_NOT_ENOUGH_DATA 142
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index d236a9fd4b..8722281cd9 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -227,6 +227,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 39a9d5a9aa..ed79535e66 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -3,7 +3,7 @@
* project 2000.
*/
/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1075,7 +1075,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
expected_eoc = 1;
/* Indefinite length constructed form. Find the end when enough EOCs
* are found. If more indefinite length constructed headers
- * are encountered increment the expected eoc count otherwise just
+ * are encountered increment the expected eoc count otherwise justi
* skip to the end of the data.
*/
while (len > 0)
@@ -1159,8 +1159,13 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
/* If indefinite length constructed update max length */
if (cst)
{
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
}
else if (!collect_data(buf, &p, plen))
return 0;