[gnutls-devel] libtasn1 | Potential Buffer Overrun in asn1_der_decoding2() (#50)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Mar 7 15:27:07 CET 2024

Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/issues/50#note_1805772076

DER data is not NUL terminated, it has its own internal length encoding but generally that data cannot be trusted so you always have to pass around a DER-blob together with its known allocated memory size in C.

I didn't analyze the error further, more thinking is welcome.

Btw, I have added a CI/CD pipeline job to run coverity checks and it triggered a bunch of warnings that we should go through.  Probably they are quite similar to the errors you got.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/50#note_1805772076
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240307/db1b9530/attachment.html>

More information about the Gnutls-devel mailing list