CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/04/10 10:23:55
Modified files:
lib/libcrypto/asn1: d2i_pr.c
Log message:
Avoid an overread caused by d2i_PrivateKey().
There are cases where the old_priv_decode() function can fail but consume
bytes. This will result in the pp pointer being advanced, which causes
d2i_PKCS8_PRIV_KEY_INFO() to be called with an advanced pointer and
incorrect length.
Fixes oss-fuzz #13803 and #14142.
ok deraadt@ tb@
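
The failure mode described in the log message, reduced to a stand-alone C model (an added example, not the LibreSSL source or the committed fix). `legacy_decode`, `fallback_overrun`, `decode_unfixed` and `decode_restored` are hypothetical names, and the fallback only computes how far its window would reach past the buffer instead of reading it.

```c
#include <stdio.h>

/* Hypothetical legacy decoder: consumes a 2-byte header, then fails. */
static int legacy_decode(const unsigned char **pp, long len)
{
    if (len < 2)
        return 0;
    *pp += 2;   /* cursor advanced ... */
    return 0;   /* ... yet the decode is rejected */
}

/* Hypothetical fallback: instead of reading, report how many bytes the
 * window [p, p + len) would extend past the real buffer. */
static long fallback_overrun(const unsigned char *buf, long buflen,
    const unsigned char *p, long len)
{
    long over = (long)(p - buf) + len - buflen;
    return over > 0 ? over : 0;
}

/* Pattern from the log message: the failed attempt moved the cursor and
 * the fallback is still handed the original length. */
long decode_unfixed(const unsigned char *buf, long len)
{
    const unsigned char *pp = buf;

    if (legacy_decode(&pp, len))
        return 0;
    return fallback_overrun(buf, len, pp, len);
}

/* Defensive variant: the first attempt works on a copy of the cursor, so
 * the fallback sees the start of the input and a matching length. */
long decode_restored(const unsigned char *buf, long len)
{
    const unsigned char *pp = buf, *p = pp;

    if (legacy_decode(&p, len))
        return 0;
    return fallback_overrun(buf, len, pp, len);
}

int main(void)
{
    unsigned char der[8] = {0};   /* constructed input, contents unused */

    printf("unfixed:  %ld bytes past the buffer\n", decode_unfixed(der, 8));
    printf("restored: %ld bytes past the buffer\n", decode_restored(der, 8));
    return 0;
}
```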
