Re: malformed asn1 definition causes segfault
From: Nikos Mavrogiannopoulos
Subject: Re: malformed asn1 definition causes segfault
Date: Tue, 27 Jan 2015 13:22:38 +0100
On Sun, Jan 25, 2015 at 11:33 PM, Hanno Böck <address@hidden> wrote:
> Hi,
> Attached is a malformed asn1 definition that causes a segfault in
> libtasn1. To test:
> asn1Decoding segf.asn x x
> Address Sanitizer trace:
> ==472==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe4db0d256a sp 0x7fffe42ef2a8 bp 0x7fffe42ef2e0 T0)
>     #0 0x7fe4db0d2569 in strlen (/lib64/libc.so.6+0x82569)
>     #1 0x7fe4db41dcb5 in strlen (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x32cb5)
>     #2 0x43df3c in _asn1_expand_object_id /tmp/libtasn1-4.2/lib/parser_aux.c:704
>     #3 0x4123f8 in asn1_parser2tree /tmp/libtasn1-4.2/lib/ASN1.y:704
>     #4 0x403183 in main /tmp/libtasn1-4.2/src/asn1Decoding.c:142
>     #5 0x7fe4db06ff9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
>     #6 0x4049f1 (/tmp/libtasn1-4.2/src/asn1Decoding+0x4049f1)
> Please note: This is only in the asn1 definition parser, not in the
> asn1 parser itself, so the impact is probably minor. Still it should
> probably be fixed.
Thanks, noted.
> Found with the help of american fuzzy lop.
I'm curious, did you check libtasn1 on the DER parsing part as well?
regards,
Nikos