oss-sec mailing list archives
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
From: Solar Designer <solar () openwall com>
Date: Sun, 22 Apr 2012 19:44:56 +0400
On Sun, Apr 22, 2012 at 04:23:11PM +0400, Solar Designer wrote:
Tavis posted a followup to my message, where he attached a testcase that was unfortunately above oss-security's message size limit - so the message did not make it to the list. I've gzip-compressed the file and have re-attached it to this message now (it's only 3 KB when compressed).
Turns out that file was mangled in transit. Tavis has posted the correct one on this URL: http://lock.cmpxchg8b.com/openssl-1.0.1-testcase-32bit.crt.gz SHA-256: ac7acb168a6bfd65375eeec072acbf904f0f10e3bc5588c020aed4df4712d066 $ gzip -vl openssl-1.0.1-testcase-32bit.crt.gz method crc date time compressed uncompressed ratio uncompressed_name defla 879c374f Apr 22 18:57 1389433 1431655797 99.9% openssl-1.0.1-testcase-32bit.crt With this one, I am able to trigger a problem on 32-bit (OpenSSL 1.0.0d with unrelated patches): $ zcat openssl-1.0.1-testcase-32bit.crt.gz | openssl x509 -inform DER *** glibc detected *** free(): invalid pointer: 0x45ff0008 *** Aborted That's in an OpenVZ container with privvmpages barrier at 3 GB. With 2 GB, I was getting: $ zcat openssl-1.0.1-testcase-32bit.crt.gz | openssl x509 -inform DER unable to load certificate 3083651232:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc failure:buffer.c:152: 3083651232:error:0D06B041:asn1 encoding routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:229: Alexander
Current thread:
- OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 20)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)