oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Null pointer access in inflatehd tool (nghttp2)

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 4 Jun 2015 00:29:04 +0200
https://blog.fuzzing-project.org/14-Null-pointer-access-in-inflatehd-tool-nghttp2.html

The nghttp2 library ships two tools to parse http headers packed with
the hpack algorithm. An invalid input file can crash the inflatehd
tool. This is a bug in the tool, there is no issue in the library.

This issue was fixed in version 0.7.15 of nghttp2.

One day of fuzzing both the inflatehd and deflatehd turned up no other
issues.

Sample input file
https://crashes.fuzzing-project.org/nghttp2-inflatehd-nullptr
Git commit / patch
https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
Upstream bug report
https://github.com/tatsuhiro-t/nghttp2/issues/235
nghttp 0.7.15 release notes
https://github.com/tatsuhiro-t/nghttp2/releases/tag/v0.7.15

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: