Home GnuPG
Diffusion libksba a7eed17a0b2a

Fix possible read access beyond the buffer.
a7eed17a0b2aUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Fix possible read access beyond the buffer.

* src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
* src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
against buffer length.
(ksba_cert_get_ext_key_usages): Ditto.
* src/ocsp.c (parse_asntime_into_isotime): Ditto.

The returned length of the object from _ksba_ber_parse_tl (ti.length)
was not always checked against the actual buffer length, thus leading
to a read access after the end of the buffer and thus a segv.

  • GnuPG-bug-id: T2344
  • Reported-by: Pascal Cuoq
  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on May 3 2016, 2:10 PM
Parents
rK3d968bbffc3a: Add more curves to the name->OID table.
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
src/

rKa7eed17a0b2a

View Options

src/ber-help.c

Loading...
View Options

src/cert.c

Loading...
View Options

src/name.c

Loading...
View Options

src/ocsp.c

Loading...