Limit depth of ASN1 parse printing.

(Imported from upstream's d88ef40a1e5c81d0d32b4a431e55f5456e678dd2 and 943c4ca62b3f5a160340d57aecb9413407a06e15.) Change-Id: Idd52aebae6839695be0f3a8a7659adeec6650b98 Reviewed-on: https://boringssl-review.googlesource.com/6556 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-11-25 01:19:12 +0300
committer: Adam Langley <agl@google.com> 2015-12-15 22:06:04 +0300
commit: c100ef43790a0f3da3018325fe1486f6fe2558f1 (patch)
tree: f847105f626b4db75f9ee74332246e4f3395bd54 /crypto/asn1
parent: 2205093e7e884d390f05e30202ea7fc2c4eb137c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index aff3e2b7..e04aa1e7 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -61,6 +61,8 @@
 #include <openssl/mem.h>
 
 
+#define ASN1_PARSE_MAXDEPTH 128
+
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
@@ -125,6 +127,13 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
 #else
 	dump_indent = 6;	/* Because we know BIO_dump_indent() */
 #endif
+
+	if (depth > ASN1_PARSE_MAXDEPTH)
+		{
+		BIO_puts(bp, "BAD RECURSION DEPTH\n");
+		return 0;
+		}
+
 	p= *pp;
 	tot=p+length;
 	op=p-1;
author	David Benjamin <davidben@chromium.org>	2015-11-25 01:19:12 +0300
committer	Adam Langley <agl@google.com>	2015-12-15 22:06:04 +0300
commit	c100ef43790a0f3da3018325fe1486f6fe2558f1 (patch)
tree	f847105f626b4db75f9ee74332246e4f3395bd54 /crypto/asn1
parent	2205093e7e884d390f05e30202ea7fc2c4eb137c (diff)