On Sun, Jan 25, 2015 at 11:33 PM, Hanno Böck <[email protected]> wrote:
> Hi,
>
> Attached is a malformed asn1 definition that causes a segfault in
> libtasn1. To test:
>
> asn1Decoding segf.asn x x
>
> Address Sanitizer trace:
>
> ==472==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x7fe4db0d256a sp 0x7fffe42ef2a8 bp 0x7fffe42ef2e0 T0)
>     #0 0x7fe4db0d2569 in strlen (/lib64/libc.so.6+0x82569)
>     #1 0x7fe4db41dcb5 in strlen (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x32cb5)
>     #2 0x43df3c in _asn1_expand_object_id /tmp/libtasn1-4.2/lib/parser_aux.c:704
>     #3 0x4123f8 in asn1_parser2tree /tmp/libtasn1-4.2/lib/ASN1.y:704
>     #4 0x403183 in main /tmp/libtasn1-4.2/src/asn1Decoding.c:142
>     #5 0x7fe4db06ff9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
>     #6 0x4049f1 (/tmp/libtasn1-4.2/src/asn1Decoding+0x4049f1)
>
> Please note: This is only in the asn1 definition parser, not in the
> asn1 parser itself, so the impact is probably minor. Still it should
> probably be fixed.

Thanks, noted.

> Found with the help of american fuzzy lop.

I'm curious, did you check libtasn1 on the DER parsing part as well?

regards,
Nikos
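A small triage helper, added here as an example and not part of the thread or of libtasn1, that parses the sanitizer output quoted above and picks out the innermost frame inside the project tree (skipping the libc and libasan `strlen` frames, since the bug is in the caller that handed `strlen` a bad pointer) together with the faulting address; the project root prefix and the "low address means NULL dereference" heuristic are assumptions.

```python
import re

# Sanitizer output copied from the report above, re-wrapped one frame per
# line so it can be embedded as the sample input.
SAMPLE_TRACE = """\
==472==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x7fe4db0d256a sp 0x7fffe42ef2a8 bp 0x7fffe42ef2e0 T0)
    #0 0x7fe4db0d2569 in strlen (/lib64/libc.so.6+0x82569)
    #1 0x7fe4db41dcb5 in strlen (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x32cb5)
    #2 0x43df3c in _asn1_expand_object_id /tmp/libtasn1-4.2/lib/parser_aux.c:704
    #3 0x4123f8 in asn1_parser2tree /tmp/libtasn1-4.2/lib/ASN1.y:704
    #4 0x403183 in main /tmp/libtasn1-4.2/src/asn1Decoding.c:142
    #5 0x7fe4db06ff9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #6 0x4049f1 (/tmp/libtasn1-4.2/src/asn1Decoding+0x4049f1)
"""

# "#N 0xADDR in FUNC LOCATION" or, for unsymbolized frames, "#N 0xADDR (MODULE+OFF)".
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+(?:in\s+(\S+)\s+)?(\S+)$")
FAULT_RE = re.compile(r"AddressSanitizer: (\w+) on unknown address 0x([0-9a-f]+)")


def parse_frames(trace):
    """Return the stack frames as dicts with index, function (or None) and location."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            idx, func, loc = m.groups()
            frames.append({"index": int(idx), "function": func, "location": loc})
    return frames


def first_project_frame(frames, project_root):
    """Innermost frame with a source location (file:line) under project_root;
    frames in libc or the sanitizer runtime are skipped."""
    for f in frames:
        if f["location"].startswith(project_root) and ":" in f["location"]:
            return f
    return None


def fault_summary(trace):
    """Fault kind and address; a near-zero address is flagged as a likely NULL
    dereference (heuristic: below one 4 KiB page)."""
    m = FAULT_RE.search(trace)
    if not m:
        return None
    addr = int(m.group(2), 16)
    return {"kind": m.group(1), "address": addr, "likely_null_deref": addr < 0x1000}
```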
