[gnutls-devel] libtasn1 | _asn1_expand_object_id: added safety against use after free (!51)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Oct 30 18:12:25 CET 2019

Tim Rühsen commented:

@nmav Nikos, I'm so sorry for being so busy with other things - but it looks like it doesn't stop soon.

How much work is it to address all the issues at https://oss-fuzz.com/testcases?project=libtasn1&open=yes ?

>From what I can say, most issues arise from recursive ASN.1 definitions. Level 1 recursion (A refers B, B refers A) seems to be handled. But deeper recursion seems to be a problem (A refers B, B refers C, C refers A). But this is just a wild guess after doing some tests in summer.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/51#note_238010029
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191030/99e4af34/attachment-0001.html>

More information about the Gnutls-devel mailing list