Re: PEM_read_PUBKEY does memory corruption on malformed input - security issue?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Oct 11, 2023 at 07:19:36PM +0200, Sascha Dierberg wrote:

> Thanks for the reply, see https://github.com/openssl/openssl/issues/22349
> too.

The reported problem is not reproducible in OpenSSL.  Any memory
corruption issue is highly likely to be some logic error in the
application.

It also seems rather likely that reading malformed (e.g., as in this
case,truncated) PEM objects is not that uncommon, and any issues in the
error path would have surfaced multiple times before.  Occam's razor, in
this case, strongly favours the calling code rather than OpenSSL.

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux