GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

The tag value must fit into int

Browse Source 
We cannot allow an unbounded tag value as this is an O(n^2) algorithm
and the tag cannot be larger than INT_MAX anyway.
Fixes 35852da1d9

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Simo Sorce <simo@redhat.com>
MergeDate: Thu May  7 12:21:26 2026
(Merged from https://github.com/openssl/openssl/pull/31091)
This commit is contained in:
Tomas Mraz
2026-05-05 17:01:42 +02:00
committed by Norbert Pocs
parent e734e38ab6
commit 7d17b2e3e4
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/asn1/a_d2i_fp.c
+7
View File
@@ -167,8 +167,15 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
diff--;
if ((*(q++) & V_ASN1_PRIMITIVE_TAG) == V_ASN1_PRIMITIVE_TAG) {
unsigned int i = 0;
/* Multi-byte tag. See if we have the whole thing yet */
do {
if (i > 4) {
/* The tag value must fit into int */
ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG);
goto err;
}
++i;
diff--;
} while (diff > 0 && *(q++) & 0x80);