diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-04-15 02:37:09 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-03 13:06:15 +0100 |
commit | d7ab691bc479d3cf2eea07329db6ce0e2589f0b9 (patch) | |
tree | ad78427ab9613eaf07a1e4d48e5680cc9b2dc81c /crypto/asn1/tasn_enc.c | |
parent | d202a602e07b7090e3e5d75216b47cc7eb6fd4b6 (diff) |
Fix ASN1_INTEGER handling.
Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.
This was found using libFuzzer.
RT#4364 (part)CVE-2016-2108.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'crypto/asn1/tasn_enc.c')
-rw-r--r-- | crypto/asn1/tasn_enc.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 0d25cf9d75..ae00a61d6e 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -600,9 +600,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, cout ? &cout : NULL); case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: /* * These are all have the same content format as ASN1_INTEGER */ |