oss-sec mailing list archives
Null pointer access in inflatehd tool (nghttp2)
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 4 Jun 2015 00:29:04 +0200
https://blog.fuzzing-project.org/14-Null-pointer-access-in-inflatehd-tool-nghttp2.html The nghttp2 library ships two tools to parse http headers packed with the hpack algorithm. An invalid input file can crash the inflatehd tool. This is a bug in the tool, there is no issue in the library. This issue was fixed in version 0.7.15 of nghttp2. One day of fuzzing both the inflatehd and deflatehd turned up no other issues. Sample input file https://crashes.fuzzing-project.org/nghttp2-inflatehd-nullptr Git commit / patch https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf Upstream bug report https://github.com/tatsuhiro-t/nghttp2/issues/235 nghttp 0.7.15 release notes https://github.com/tatsuhiro-t/nghttp2/releases/tag/v0.7.15 -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Null pointer access in inflatehd tool (nghttp2) Hanno Böck (Jun 03)