[gnutls-devel] libtasn1 | Potential Buffer Overrun in asn1_der_decoding2() (#50)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Mar 7 15:27:07 CET 2024
Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/50#note_1805772076
DER data is not NUL terminated, it has its own internal length encoding but generally that data cannot be trusted so you always have to pass around a DER-blob together with its known allocated memory size in C.
I didn't analyze the error further, more thinking is welcome.
Btw, I have added a CI/CD pipeline job to run coverity checks and it triggered a bunch of warnings that we should go through. Probably they are quite similar to the errors you got.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/50#note_1805772076
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240307/db1b9530/attachment.html>
More information about the Gnutls-devel
mailing list