CVSROOT: /cvs
Module name: src
Changes by: inogu...@cvs.openbsd.org 2022/01/14 16:55:46
Modified files:
lib/libcrypto/asn1: asn1_par.c
Log message:
Avoid buffer overflow in asn1_parse2
asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be
overrun since ASN1_get_object advances pointer to the first content octet.
In case invalid ASN1 Boolean data, it has length but no content, I thought
this could be happen.
Adding check p with tot (diff below) will avoid this failure.
Reported by oss-fuzz 43633 and 43648(later)
ok tb@
