review.tizen.org Git - platform/upstream/nodejs.git/commit

author	jaekuk, lee <juku1999@samsung.com>
	Mon, 12 Jun 2017 04:24:12 +0000 (13:24 +0900)
committer	jaekuk, lee <juku1999@samsung.com>
	Mon, 12 Jun 2017 05:19:48 +0000 (14:19 +0900)
commit	84b55ebc5c26fc6321b657dafae04570bd6815ca
tree	b23d213aaa47a6908cfb9879d9c412f12d84e478	tree \| snapshot
parent	f8188fce2c61fef30e15ed2a4884d42755451136	commit \| diff

Fix ASN1_INTEGER handling

https://nvd.nist.gov/vuln/detail/CVE-2016-2108

https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.
This was found using libFuzzer.
RT#4364 (part)CVE-2016-2108.

Change-Id: I51260381d49ce01ea061a35d028e13f8b4c120f7
Signed-off-by: jaekuk, lee <juku1999@samsung.com>

deps/openssl/openssl/crypto/asn1/a_type.c	[changed mode: 0644->0755]	diff \| blob \| history
deps/openssl/openssl/crypto/asn1/tasn_dec.c	[changed mode: 0644->0755]	diff \| blob \| history
deps/openssl/openssl/crypto/asn1/tasn_enc.c	[changed mode: 0644->0755]	diff \| blob \| history