Reject invalid constructed encodings.

According to X6.90 null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding. (Imported from upstream's 89f40f369f414b52e00f7230b0e3ce99e430a508.) Change-Id: Ia5d15eef72e379119f50fdbac4e92c4761bf5eaf Reviewed-on: https://boringssl-review.googlesource.com/2835 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-01-12 04:21:22 +0300
committer: Adam Langley <agl@google.com> 2015-01-15 00:49:23 +0300
commit: 1716b3d172e6e97f113576fa9bc834288b4b4402 (patch)
tree: 5c9969c8b7dfdeb3fd288208da4edb0af5ff278e /crypto/asn1/tasn_dec.c
parent: e3b2eebd047d26bfe264e28b6e86fbc93288e261 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 69bacecd..e8c5cd84 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -835,6 +835,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 		}
 	else if (cst)
 		{
+		if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+			|| utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+			|| utype == V_ASN1_ENUMERATED)
+			{
+			/* These types only have primitive encodings. */
+			OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive,
+				ASN1_R_TYPE_NOT_PRIMITIVE);
+			return 0;
+			}
+
 		buf.length = 0;
 		buf.max = 0;
 		buf.data = NULL;
author	David Benjamin <davidben@chromium.org>	2015-01-12 04:21:22 +0300
committer	Adam Langley <agl@google.com>	2015-01-15 00:49:23 +0300
commit	1716b3d172e6e97f113576fa9bc834288b4b4402 (patch)
tree	5c9969c8b7dfdeb3fd288208da4edb0af5ff278e /crypto/asn1/tasn_dec.c
parent	e3b2eebd047d26bfe264e28b6e86fbc93288e261 (diff)