ASN1 sanity check.

Primitive encodings shouldn't use indefinite length constructed form. PR#2438 (partial).
2014-07-02 00:57:57 +01:00 · 2014-07-02 00:57:57 +01:00 · 398e99fe5e
commit 398e99fe5e
parent a5ff18bf90
1 changed files with 3 additions and 0 deletions
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 	*pclass=xclass;
 	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;

+	if (inf && !(ret & V_ASN1_CONSTRUCTED))
+		goto err;
+
 #if 0
 	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
 		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),