Attachment 97994 Details for Bug 148654 – openssl-CVE-2006-2937.patch

[patch] openssl-CVE-2006-2937.patch

openssl-CVE-2006-2937.patch (text/plain), 1.11 KB, created by Sune Kloppenborg Jeppesen (RETIRED) on 2006-09-24 22:30:18 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sune Kloppenborg Jeppesen (RETIRED)

Created: 2006-09-24 22:30:18 UTC

Size: 1.11 KB

patch

obsolete

>Dr S N Henson of the OpenSSL core team and Open Network Security
>recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
>the test suite was run against OpenSSL two denial of service
>vulnerabilities were discovered.
>
>During the parsing of certain invalid ASN1 structures an error
>condition is mishandled. This can result in an infinite loop which
>consumes system memory.  CVE-2006-2938
>
>Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
>affected. This includes SSL servers which enable client authentication
>and S/MIME applications.
>
>This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
>
>diff -ur -x CVS openssl8/crypto/asn1/tasn_dec.c ossl8/crypto/asn1/tasn_dec.c
>--- crypto/asn1/tasn_dec.c     2006-08-31 21:08:20.000000000 +0100
>+++ crypto/asn1/tasn_dec.c        2006-08-31 21:38:19.000000000 +0100
>@@ -832,6 +832,9 @@
>                }
>        else if (ret == -1)
>                return -1;
>+
>+       ret = 0;
>+
>        /* SEQUENCE, SET and "OTHER" are left in encoded form */
>        if ((utype == V_ASN1_SEQUENCE)
>                || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
>
>

Actions: View | Diff

Attachments on bug 148654: 97750 | 97994 | 97995 | 97996