Limit depth of ASN1 parse printing.

Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Limit depth of ASN1 parse printing.
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue. Reviewed-by: N Tim Hudson <tjh@openssl.org>
158e5207 · Dr. Stephen Henson · de17db91 · 158e5207
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c +9 -0

未找到文件。
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -62,6 +62,10 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>

+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                           int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -123,6 +127,11 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
    /* ASN1_BMPSTRING *bmp=NULL; */
    int dump_indent;

+    if (depth > ASN1_PARSE_MAXDEPTH) {
+            BIO_puts(bp, "BAD RECURSION DEPTH\n");
+            goto end;
+    }
+
    dump_indent = 6;            /* Because we know BIO_dump_indent() */
    p = *pp;
    tot = p + length;