[gnutls-devel] libtasn1 | Fix memory leak in asn1_array2tree() (#14)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jul 23 11:09:04 CEST 2019

Nikos Mavrogiannopoulos commented:

I think there are various levels of fuzzing for this project.

 1. Input to be decoded by DER and BER decoders - `asn1_der_decoding2`
 2. Input to simple BER and DER decoders - `asn1_decode_simple_d/ber`, `asn1_length_d/ber`
 3. Input to the ASN.1 parser `asn1_parser2tree`
 4. Intermediate input from `asn1_parser2array` to `asn1_array2tree`

To my understanding, from what you write above, what you are fuzzing is 4. That is, you are trying to make the `asn1_array2tree` strong even if the intermediate input from `asn1_parser2array` is maliciously modified, right? I wouldn't say these are not important, but for a first phase, I'll focus on fixing bugs from 1-2 because these are the most common interfaces for this library.

Then I'd move to (3), and possibly to (4) as these bugs do not affect any applications I'm aware of.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/14#note_194702091