
Limit allocation in the BER decoder to 16 MiB.
89d898346b75 Unpublished


Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Limit allocation in the BER decoder to 16 MiB.

* src/ber-decoder.c (MAX_IMAGE_LENGTH): New.
(decoder_next): Limit allocation to MAX_IMAGE_LENGTH.
(_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto.

We allocate the image used to allocate BER encoded data from the
provided length in the object. However, this length may be given
arbitrarily and we would thus try to allocate huge amounts of
memory (and zero them out since commit 2a9fc56) unless the user has
set an appropriate ulimit. This is not desirable and thus we better
bail out early if a strange (i.e. very large) object is seen.

That whole table driven parser is a mess.

  • Reported-by: Pascal Cuoq <cuoq 'at' trust-in-soft com>
  • Signed-off-by: Werner Koch <wk@gnupg.org>
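
The check the commit message describes, as an added example that is not libksba's code: the length declared in the BER header is compared with MAX_IMAGE_LENGTH before the zeroed image buffer is allocated. Only the MAX_IMAGE_LENGTH name and the 16 MiB value come from the commit; the function names, error codes and sample headers are constructed for illustration, and a one-byte tag is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_IMAGE_LENGTH (16u * 1024u * 1024u) /* 16 MiB, as in the commit */

enum { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_TOO_LARGE, BER_NOMEM };

/* Parse a definite-form BER length; hdr[0] is assumed to be a one-byte tag. */
static int parse_length(const unsigned char *hdr, size_t hdrlen, uint64_t *r_len)
{
    if (hdrlen < 2) return BER_TRUNCATED;
    if (!(hdr[1] & 0x80)) { *r_len = hdr[1]; return BER_OK; } /* short form */
    size_t n = hdr[1] & 0x7f;                    /* number of length octets */
    if (n == 0 || n > 8) return BER_UNSUPPORTED; /* indefinite or > 64 bit */
    if (hdrlen < 2 + n) return BER_TRUNCATED;
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | hdr[2 + i];
    *r_len = v;
    return BER_OK;
}

/* Allocate the zeroed image only after the declared length passed the cap. */
int alloc_image(const unsigned char *hdr, size_t hdrlen,
                unsigned char **r_image, size_t *r_len)
{
    uint64_t len = 0;
    *r_image = NULL; *r_len = 0;
    int rc = parse_length(hdr, hdrlen, &len);
    if (rc) return rc;
    if (len > MAX_IMAGE_LENGTH) return BER_TOO_LARGE; /* bail out before calloc */
    *r_image = calloc(1, len ? (size_t)len : 1);
    if (!*r_image) return BER_NOMEM;
    *r_len = (size_t)len;
    return BER_OK;
}

/* Constructed sample headers: tag, then long-form length octets. */
const unsigned char hdr_small[] = { 0x30, 0x82, 0x01, 0x00 };             /* 256 bytes */
const unsigned char hdr_limit[] = { 0x04, 0x84, 0x01, 0x00, 0x00, 0x00 }; /* 16 MiB */
const unsigned char hdr_huge[]  = { 0x04, 0x84, 0x7f, 0xff, 0xff, 0xff }; /* ~2 GiB */

int main(void)
{
    unsigned char *img; size_t len;
    printf("small: %d\n", alloc_image(hdr_small, sizeof hdr_small, &img, &len)); free(img);
    printf("huge:  %d\n", alloc_image(hdr_huge, sizeof hdr_huge, &img, &len));
    return 0;
}
```

The header alone decides the outcome here, which matches a decoder that reads from a stream and cannot compare the declared length with the amount of input that will actually arrive.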

Details

Provenance
werner Authored on Aug 22 2016, 10:47 AM
Parents
rKeb7833b8720c: Encode OCSP nonce value as an octet string (RFC 6960)
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rK89d898346b75: Limit allocation in the BER decoder to 16 MiB. (authored by Werner Koch <wk@gnupg.org>). Aug 22 2016, 10:47 AM