CVSROOT: /cvs Module name: src Changes by: inogu...@cvs.openbsd.org 2022/01/14 16:55:46
Modified files: lib/libcrypto/asn1: asn1_par.c Log message: Avoid buffer overflow in asn1_parse2 asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could be happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@