author | Bob Beck <beck@cvs.openbsd.org> | 2015-12-04 04:19:26 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2015-12-04 04:19:26 +0000 |
commit | c6f0c99f4686f6fcb8ed166cfe40abb1ee199001 (patch) | |
tree | 475fd8a5e8da97156a8a8e4939e5a72ce37fe69e | |
parent | 999400747eb8b86394f25d8d7eb333989242d66e (diff) |
Fix for OpenSSL CVE-2015-3195
ok djm@ jsing@
-rw-r--r-- | lib/libcrypto/asn1/tasn_dec.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index f08514dc832..dd350070f70 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.27 2015/07/20 15:41:48 miod Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.28 2015/12/04 04:19:25 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -166,6 +166,10 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 int otag;
 int ret = 0;
 ASN1_VALUE **pchptr;
+ int combine;
+
+ combine = aclass & ASN1_TFLG_COMBINE;
+ aclass &= ~ASN1_TFLG_COMBINE;
 
 if (!pval)
 return 0;
@@ -447,7 +451,8 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 auxerr:
 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
 err:
- ASN1_item_ex_free(pval, it);
+ if (combine == 0)
+ ASN1_item_ex_free(pval, it);
 if (errtt)
 ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name,
 it->sname);
@@ -642,7 +647,7 @@ asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
 } else {
 /* Nothing special */
 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
 if (!ret) {
 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
 ERR_R_NESTED_ASN1_ERROR);
|
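Review bot: The new `combine` local in ASN1_item_ex_d2i makes `aclass` carry a template flag in-band, and nothing in the second or third hunk explains this, so the `if (combine == 0)` guard before ASN1_item_ex_free at `err:` has no stated reason. I would add a comment above the masking, `/* ASN1_TFLG_COMBINE arrives in aclass from asn1_template_noexp_d2i; strip it before any tag/class check */`. I would add a second at `err:`, `/* a combined field lives inside the parent value, whose error path frees it */`, but that wording is my reading of the flag's intent and should be confirmed. Since `aclass` is supplied by the caller, it is also worth confirming that the flag bit cannot overlap a legitimate class value, which these lines do not show. The function body starts and ends outside both hunks.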
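Review bot: Only the "Nothing special" call in asn1_template_noexp_d2i forwards `tt->flags & ASN1_TFLG_COMBINE`, so any other call to ASN1_item_ex_d2i that can decode a combined field would still reach the free at `err:` with `combine == 0`. Those call sites are outside the hunk and should be checked. The flag is passed in the `aclass` slot while `tag` is -1, which reads like a class value at the call site, so a comment such as `/* aclass carries only the COMBINE flag here */` would make the convention explicit. A regression test that decodes a truncated encoding of a structure with a combined field under a leak checker would pin the CVE-2015-3195 fix. The enclosing function continues outside the hunk.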