openssl

History

Matt Caswell 4cabbb9f48 Limit ASN.1 constructed types recursive definition depth Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>	2018-03-27 10:22:49 +01:00
..
internal	Remove QNX support	2018-03-26 14:10:57 -04:00
openssl	Limit ASN.1 constructed types recursive definition depth	2018-03-27 10:22:49 +01:00

Matt Caswell 4cabbb9f48 Limit ASN.1 constructed types recursive definition depth

Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2018-03-27 10:22:49 +01:00

internal

Remove QNX support

2018-03-26 14:10:57 -04:00

openssl

Limit ASN.1 constructed types recursive definition depth

2018-03-27 10:22:49 +01:00