On Wed, Dec 11, 2024 at 04:22:06AM -0700, Theo Buehler wrote:
> CVSROOT:      /cvs
> Module name:  src
> Changes by:   t...@cvs.openbsd.org    2024/12/11 04:22:06
> 
> Modified files:
>       lib/libcrypto/asn1: tasn_fre.c 
> 
> Log message:
> Avoid an oob access in asn1_item_free()
> 
> As explained in a comment, this needs to loop backwards and the last tt--
> ends up pointing at &it->templates[-1], which isn't ok. Use a simple way
> of looping, which is also ugly and involves some type confusion as pointed
> out by claudio. However, type confusion is common in libcrypto's asn1 code
> and won't be fixed anytime soon anyway.
> 
> ok jsing
> 

Forgot to mention that this is part of
https://boringssl-review.googlesource.com/c/boringssl/+/74089
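
A minimal model of the loop problem described in the quoted log message, added here as an illustration; it is not the libcrypto code or the committed change. The struct names, fields and sample table are hypothetical, and the table is deliberately placed inside a larger array so the backwards pointer walk can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for an item and its template table. */
struct tmpl { int id; };
struct item { const struct tmpl *templates; long tcount; };

/* Constructed sample: the table is backing[1..3], so "one before the table"
 * is still inside backing[]. With a real table that slot does not exist. */
static const struct tmpl backing[4] = { {-1}, {10}, {20}, {30} };
static const struct item sample = { &backing[1], 3 };

/* Pointer-walking shape: tt is decremented once more after the last element.
 * Returns where tt ends up relative to the start of the table. */
long walk_pointer(const struct item *it, int *out)
{
    const struct tmpl *tt = it->templates + it->tcount - 1;
    long i;

    for (i = 0; i < it->tcount; tt--, i++)
        out[i] = tt->id;
    return (long)(tt - it->templates);  /* the final tt-- left the table */
}

/* Index-walking shape: tt is derived from a valid index inside the body, so
 * no pointer outside the table is ever formed. Returns the lowest offset
 * touched, or tcount if the table is empty. */
long walk_index(const struct item *it, int *out)
{
    long i, n = 0, lowest = it->tcount;

    for (i = it->tcount - 1; i >= 0; i--) {
        const struct tmpl *tt = &it->templates[i];
        out[n++] = tt->id;
        lowest = (long)(tt - it->templates);
    }
    return lowest;
}

int main(void)
{
    int a[3], b[3];

    printf("pointer walk ends at offset %ld\n", walk_pointer(&sample, a));
    printf("index walk lowest offset %ld\n", walk_index(&sample, b));
    return 0;
}
```

Both loops visit the elements in the same reverse order; only the pointer-walking one finishes with `tt` one element before the table.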
