[gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Jul 23 11:09:04 CEST 2019
Nikos Mavrogiannopoulos commented:
I think there are various levels of fuzzying for this project.
1. Input to be decoded by DER and BER decoders - `asn1_der_decoding2`
2. Input to simple BER and DER decoders - `asn1_decode_simple_d/ber`, `asn1_length_d/ber`
3. Input to the ASN.1 parser `asn1_parser2tree`
4. Intermediate input from `asn1_parser2array` to `asn1_array2tree`
To my understanding from what you write above what you are fuzzying is 4. That is, you are trying to make the `asn1_array2tree` strong even if the intermediate input from `asn1_parser2array` is maliciously modified right? I wouldn't say these are not important, but for a first phase, I'll focus on fixing bugs from 1-2 because these are the most common interfaces for this library.
Then I'd move to (3), and possibly to (4) as these bugs do not affect any applications I'm aware of.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194702091
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190723/a888b6ec/attachment.html>
More information about the Gnutls-devel
mailing list