oss-sec mailing list archives
Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 2 Nov 2022 15:09:21 +0100
FWIW it only takes a basically trivial fuzz target on the affected function to find this bug with libfuzzer. In OpenSSL 3.0.5 code do: ./config no-shared CC=clang CFLAGS="-fsanitize=fuzzer-no-link,address" clang -fsanitize=fuzzer,address -I$(pwd)/include punyfuzz.c libcrypto.a with this in punyfuzz.c: #include <stddef.h> #include <stdint.h> #include "crypto/punycode.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { unsigned int bar[32]; unsigned int x = 32; ossl_punycode_decode((const char *)data, size, bar, &x); return 0; } Run ./a.out and it'll crash with an ASAN error almost instantly. -- Hanno Böck https://hboeck.de/
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786), (continued)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 02)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Neal H. Walfield (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Erin Shepherd (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Alex Gaynor (Nov 01)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) alice (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 02)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Steffen Nurpmeso (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) John Helmert III (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Nicola Tuveri (Nov 03)
- Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
- Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 03)