[openssl.org #3335] Bug s3_srvr.c, SSL_kGOST incomplete (incorrect) decode ASN1 tag length

Serguei E. Leontiev via RT Tue, 29 Apr 2014 12:10:31 -0700

Hi,

Upon receipt GET_CLIENT_KEY_EXCHANGE (after /* Decrypt session key */):


1. Manual decoder ASN.1 tag incomplete;
2. Possible buffer overflow, because "inlen" don't checked;

Affected version: 1.0.0, 1.0.1, 1.0.2 and trunk.

Attachment "ccgost-asn.140428-lowasn1.patch" (1 KiB) change manual decoder to 
call of ASN1_get_object().

ccgost-asn.140429-lowasn1.patch
Description: Binary data


-- 
Sorry for my bests English.
 
Serguei E. Leontiev w:+7(495)939-2382 USSR,Moscow,Universitetskij 13
Sternberg Astronom. w:+7(495)780-4820 USSR,Moscow,127018,Sushchevskij val 16-5
Institute, MSU      h:+7(495)318-1146 USSR,Moscow,113303,Kakhovka 6-40
                    m:+7(916)686-1081 SMS: <http://www.mts.ru/sms>
           <http://lnfm1.sai.msu.ru/~leo>

[openssl.org #3335] Bug s3_srvr.c, SSL_kGOST incomplete (incorrect) decode ASN1 tag length

Reply via email to