diff options
| author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-09-14 11:41:59 +0000 |
|---|---|---|
| committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-09-14 11:41:59 +0000 |
| commit | 5450329ad1778d72f117b68e5edb97ae1bf4d438 (patch) | |
| tree | b221009982ff2eda51c30ae1179ab792158eb5b4 /ChangeLog | |
| parent | 8a81d04d2588d9c7a898473b431a0dabcab39fbd (diff) | |
asn1: fix out-of-bounds read in decoding constructed objects
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
correct available length to ossl_asn1_decode() when decoding the
inner components of a constructed object. This can cause
out-of-bounds read if a crafted input given.
Reference: https://hackerone.com/reports/170316
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -1,3 +1,16 @@ +Thu Sep 14 20:39:39 2017 Kazuki Yamaguchi <k@rhe.jp> + + asn1: fix out-of-bounds read in decoding constructed objects + + * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of + out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the + correct available length to ossl_asn1_decode() when decoding the + inner components of a constructed object. This can cause + out-of-bounds read if a crafted input given. + + Reference: https://hackerone.com/reports/170316 + https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b + Thu Sep 14 20:36:54 2017 Yusuke Endoh <mame@ruby-lang.org> lib/webrick/log.rb: sanitize any type of logs |