boringssl/crypto/asn1
David Benjamin cb852981cd Fix leak with ASN.1 combine.
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

(Imported from upstream's cc598f321fbac9c04da5766243ed55d55948637d, with test
from our original report. Verified ASan trips up on the test without the fix.)

Change-Id: I007d93f172b2f16bf6845d685d72717ed840276c
Reviewed-on: https://boringssl-review.googlesource.com/6615
Reviewed-by: Adam Langley <agl@google.com>
2015-12-03 16:43:34 +00:00
..
a_bitstr.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_bool.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_bytes.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_d2i_fp.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_dup.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_enum.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_gentm.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_i2d_fp.c Fix the type of ASN1_i2d_bio's last argument. 2015-08-28 22:03:54 +00:00
a_int.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_mbstr.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_object.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_octet.c Inital import. 2014-06-20 13:17:32 -07:00
a_print.c Remove CHARSET_EBCDIC 2014-07-07 19:30:35 +00:00
a_strnid.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_time.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_type.c Fix ASN1_TYPE_cmp 2015-03-19 19:48:41 +00:00
a_utctm.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
a_utf8.c Inital import. 2014-06-20 13:17:32 -07:00
asn1_lib.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
asn1_locl.h Move the X509_NAME typedef into x509.h. 2014-10-28 22:38:38 +00:00
asn1_par.c Fix wrong numbers being passed as string lengths 2015-03-19 11:07:45 +00:00
asn_pack.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
bio_asn1.c Remove string.h from base.h. 2015-02-02 19:14:15 +00:00
bio_ndef.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
charmap.pl Tag a number of globals as const. 2015-01-14 21:53:00 +00:00
CMakeLists.txt Move arm_arch.h and fix up lots of include paths. 2015-08-26 01:57:59 +00:00
f_enum.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
f_int.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
f_string.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t_bitst.c Remove string.h from base.h. 2015-02-02 19:14:15 +00:00
t_pkey.c Inital import. 2014-06-20 13:17:32 -07:00
tasn_dec.c Fix leak with ASN.1 combine. 2015-12-03 16:43:34 +00:00
tasn_enc.c Remove string.h from base.h. 2015-02-02 19:14:15 +00:00
tasn_fre.c Convert reference counts in crypto/ 2015-05-20 19:15:26 +00:00
tasn_new.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
tasn_prn.c Become partially -Wmissing-variable-declarations-clean. 2015-11-12 20:09:20 +00:00
tasn_typ.c Allocate string types directly. 2015-03-19 11:47:52 +00:00
tasn_utl.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
x_bignum.c Fix several warnings that arise in Android. 2015-10-30 21:11:48 +00:00
x_long.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00