In a mix of sequences the 'depth reached' error would not
be fully propagated.
Found with AFL.
switch (errcode) {
case ERR_DER_ELEMENT_SIZE_TOO_BIG:
case ERR_DER_INVALID_SIZE:
+ case ERR_DER_RECURSION_LIMIT:
SSLSetEvent(ssl_state,
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH);
break;
/* refuse excessive recursion */
if (unlikely(depth == 255)) {
+ *errcode = ERR_DER_RECURSION_LIMIT;
return NULL;
}
#define ERR_DER_UNSUPPORTED_STRING 0x05
/* Missing field or element */
#define ERR_DER_MISSING_ELEMENT 0x06
+/* Generic error */
+#define ERR_DER_RECURSION_LIMIT 0x07
Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size, uint32_t *errcode) __attribute__((nonnull));
void DerFree(Asn1Generic *a);
projects / thirdparty / suricata.git / commitdiff
