authorjaekuk, lee <juku1999@samsung.com>2017-06-12 13:24:12 +0900
committerjaekuk, lee <juku1999@samsung.com>2017-06-12 14:19:48 +0900
commit84b55ebc5c26fc6321b657dafae04570bd6815ca (patch)
treeb23d213aaa47a6908cfb9879d9c412f12d84e478 /deps
parentf8188fce2c61fef30e15ed2a4884d42755451136 (diff)
Fix ASN1_INTEGER handling
https://nvd.nist.gov/vuln/detail/CVE-2016-2108 https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27 Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER tag: V_ASN1_NEG_INTEGER is an internal-only value which is never used for on-the-wire encoding. Thanks to David Benjamin <davidben@google.com> for reporting this bug. This was found using libFuzzer. RT#4364 (part) CVE-2016-2108. Change-Id: I51260381d49ce01ea061a35d028e13f8b4c120f7 Signed-off-by: jaekuk, lee <juku1999@samsung.com>
Diffstat (limited to 'deps')
-rwxr-xr-x[-rw-r--r--]deps/openssl/openssl/crypto/asn1/a_type.c2
-rwxr-xr-x[-rw-r--r--]deps/openssl/openssl/crypto/asn1/tasn_dec.c2
-rwxr-xr-x[-rw-r--r--]deps/openssl/openssl/crypto/asn1/tasn_enc.c2
3 files changed, 0 insertions, 6 deletions
diff --git a/deps/openssl/openssl/crypto/asn1/a_type.c b/deps/openssl/openssl/crypto/asn1/a_type.c
index af795306b..bb166e856 100644..100755
--- a/deps/openssl/openssl/crypto/asn1/a_type.c
+++ b/deps/openssl/openssl/crypto/asn1/a_type.c
@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
result = 0; /* They do not have content. */
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_dec.c b/deps/openssl/openssl/crypto/asn1/tasn_dec.c
index 5a507967c..6bdcd5c54 100644..100755
--- a/deps/openssl/openssl/crypto/asn1/tasn_dec.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_dec.c
@@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
diff --git a/deps/openssl/openssl/crypto/asn1/tasn_enc.c b/deps/openssl/openssl/crypto/asn1/tasn_enc.c
index f04a6892a..f7f83e56a 100644..100755
--- a/deps/openssl/openssl/crypto/asn1/tasn_enc.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_enc.c
@@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
/*
* These are all have the same content format as ASN1_INTEGER
*/