[gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jul 23 11:09:04 CEST 2019




Nikos Mavrogiannopoulos commented:


I think there are various levels of fuzzing for this project.

 1. Input to be decoded by DER and BER decoders - `asn1_der_decoding2`
 2. Input to simple BER and DER decoders - `asn1_decode_simple_d/ber`, `asn1_length_d/ber`
 3. Input to the ASN.1 parser `asn1_parser2tree`
 4. Intermediate input from `asn1_parser2array` to `asn1_array2tree`

To my understanding, from what you write above, what you are fuzzing is 4. That is, you are trying to make the `asn1_array2tree` strong even if the intermediate input from `asn1_parser2array` is maliciously modified, right? I wouldn't say these are not important, but for a first phase, I'll focus on fixing bugs from 1-2 because these are the most common interfaces for this library.

Then I'd move to (3), and possibly to (4) as these bugs do not affect any applications I'm aware of.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194702091