Closed
Description
Thanks to Kyle Isom for fuzzing and finding that it's possible to panic encoding/asn1.Unmarshal when ASN.1 data is truncated after an explicit tag.
This can affect the parsing of various ASN.1 structures, most importantly X.509 certificates. TLS servers without client-authentication enabled (which is the vast majority of them) should be unaffected. Also, even with client-authentication enabled, calling code often catches and handles any panics.
TLS clients can be forced into panicking if the server sends a suitably crafted certificate.
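The issue notes that calling code often catches and handles panics. As an added example (not code from the Go project), this wrapper shows that pattern around `encoding/asn1.Unmarshal` and checks it against input that ends right after an explicit tag header. The `record` type, the helper names and the byte strings are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// record is a hypothetical structure with one EXPLICIT-tagged field.
type record struct {
	Version int `asn1:"explicit,tag:0"`
}

// Constructed samples: a valid encoding of record{Version: 3}, and one whose
// outer length is consistent but whose data ends right after the [0] header.
var (
	validDER     = []byte{0x30, 0x05, 0xa0, 0x03, 0x02, 0x01, 0x03}
	truncatedDER = []byte{0x30, 0x02, 0xa0, 0x03}
)

// safeUnmarshal turns a decoder panic or trailing bytes into an ordinary error.
func safeUnmarshal(der []byte, out interface{}) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("asn1 decoder panicked: %v", r)
		}
	}()
	rest, err := asn1.Unmarshal(der, out)
	if err != nil {
		return err
	}
	if len(rest) != 0 {
		return fmt.Errorf("%d trailing bytes after ASN.1 structure", len(rest))
	}
	return nil
}

// decodeRecord parses untrusted bytes and never propagates a panic.
func decodeRecord(der []byte) (record, error) {
	var r record
	err := safeUnmarshal(der, &r)
	return r, err
}

func main() {
	for _, in := range [][]byte{validDER, truncatedDER} {
		r, err := decodeRecord(in)
		fmt.Printf("% x -> %+v, err=%v\n", in, r, err)
	}
}
```

The same truncated inputs work as a regression test for any code path that parses ASN.1 from the network.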