From f467727db5ff6a6e58d9b590e4d443a1d974b679 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 3 Apr 2020 12:18:03 +1300
Subject: CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth

Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/gensec/gensec_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'auth')

diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index 20c9c2a1fbb..e185acc0c20 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -76,7 +76,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
 static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
 {
 	bool ret = false;
-	struct asn1_data *data = asn1_init(NULL);
+	struct asn1_data *data = asn1_init(NULL, ASN1_MAX_TREE_DEPTH);
 
 	if (!data) return false;
 
-- 
cgit v1.2.1