)]}'
{
  "commit": "0dcab9302f6e534e8af1cf3b8b402c9671421531",
  "tree": "79155e37d71905ff68586ea16df4917361ca06e0",
  "parents": [
    "bab14fa753e9d429371c27aff0d4d077add90bf4"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Thu Mar 14 18:31:16 2019 -0500"
  },
  "committer": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Mon Mar 18 17:19:12 2019 +0000"
  },
  "message": "Harden the lower level parts of crypto/asn1 against overflows.\n\nThe legacy ASN.1 stack contains an unsalvageable mix of integer types.\n82dfea8d9e65c4e57cc9fb2bd3f0dd49f5b31f45 bounded all inputs to the template\nmachinery, but sometimes code will call ASN1_get_object directly, such as the\njust deleted d2i_ASN1_UINTEGER.\n\nThanks to mlbrown for reporting the d2i_ASN1_UINTEGER overflow.\n\nBug: chromium:942269\nChange-Id: I2d4c8b7faf5dadd1b68dbdb51a5feae071ea2cb6\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35325\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "ea727f335fa6673cf20d20235ef7bbb8264ac412",
      "old_mode": 33188,
      "old_path": "crypto/asn1/asn1_lib.c",
      "new_id": "8526aba3894114055b1996b948a6e298c56c3d62",
      "new_mode": 33188,
      "new_path": "crypto/asn1/asn1_lib.c"
    }
  ]
}
