ASN1_get_object should not accept large universal tags.

The high bits of the type get used for the V_ASN1_NEG bit, so when used with ASN1_ANY/ASN1_TYPE, universal tags become ambiguous. This allows one to create a negative zero, which should be impossible. Impose an upper bound on universal tags accepted by crypto/asn1 and add a test. BUG=590615 Change-Id: I363e01ebfde621c8865101f5bcbd5f323fb59e79 Reviewed-on: https://boringssl-review.googlesource.com/7238 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@google.com> 2016-02-29 23:42:59 +0300
committer: Adam Langley <agl@google.com> 2016-03-01 00:17:19 +0300
commit: fb2c6f8c8565e1e2d85c24408050c96521acbcdc (patch)
tree: affbfa57e4f6bc8524ab01e1608f0d00a6e4937f /include/openssl/asn1.h
parent: 7e8ed440135c166d0a29e28548b485b66d1645b8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index ae732e2a..8296ca4b 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -85,6 +85,9 @@ extern "C" {
 #define V_ASN1_ANY			-4	/* used in ASN1 template code */
 
 #define V_ASN1_NEG			0x100	/* negative flag */
+/* No supported universal tags may exceed this value, to avoid ambiguity with
+ * V_ASN1_NEG. */
+#define V_ASN1_MAX_UNIVERSAL		0xff
 
 #define V_ASN1_UNDEF			-1
 #define V_ASN1_EOC			0
author	David Benjamin <davidben@google.com>	2016-02-29 23:42:59 +0300
committer	Adam Langley <agl@google.com>	2016-03-01 00:17:19 +0300
commit	fb2c6f8c8565e1e2d85c24408050c96521acbcdc (patch)
tree	affbfa57e4f6bc8524ab01e1608f0d00a6e4937f /include/openssl/asn1.h
parent	7e8ed440135c166d0a29e28548b485b66d1645b8 (diff)