oss-sec mailing list archives
Re: Re: CVE request: three issues in libksba
From: Andreas Stieger <astieger () suse com>
Date: Tue, 10 May 2016 14:09:11 +0200
Hello, On 04/29/2016 06:13 PM, cve-assign () mitre org wrote:
Integer overflow in the DN decoder src/dn.chttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 This might be an error in the original https://security.gentoo.org/glsa/201604-04 advisory. We did not notice any obvious relationship between 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 and an integer overflow fix. The 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 commit message seems to focus on "read access out of bounds." Also, there is no other recent commit at http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=history;f=src/dn.c that refers to an integer overflow. Possibly there was an inapplicable copy-and-paste of "Integer overflow in the" from the previous report about the BER decoder. Use CVE-2016-4356 for the 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 issue that is described as "Fix encoding of invalid utf-8 strings in dn.c" and "read access out of bounds."
There is a follow-up fix in libksba 1.3.4 for this issue: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
Fix an OOB read access in _ksba_dn_to_str. * src/dn.c (append_utf8_value): Use a straightforward check to fix an off-by-one. -- The old fix for the problem from April 2015 had an off-by-one in the bad encoding handing. Fixes-commit: 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 <http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=object;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3> GnuPG-bug-id: 2344 Reported-by: Pascal Cuoq Signed-off-by: Werner Koch <wk () gnupg org>
Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request: three issues in libksba Martin Prpic (Apr 29)
- Re: CVE request: three issues in libksba cve-assign (Apr 29)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request: three issues in libksba cve-assign (May 10)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request: three issues in libksba cve-assign (Apr 29)