[gnutls-devel] libtasn1 | Potential Buffer Overrun in asn1_der_decoding2() (#50)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Feb 29 08:42:58 CET 2024
Gary Lin created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/50
## Description of problem:
From the grub2 [coverity report](https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt), it raised a potential buffer overrun in asn1_der_decoding2():
```
________________________________________________________________________________________________________
*** CID 435766: Memory - corruptions (OVERRUN)
/grub-core/lib/libtasn1/lib/decoding.c: 1204 in asn1_der_decoding2()
1198 }
1199
1200 DECR_LEN (ider_len, len2);
1201
1202 tlen = strlen (temp);
1203 if (tlen > 0)
>>> CID 435766: Memory - corruptions (OVERRUN)
>>> Allocating insufficient memory for the terminating null of the string.
1204 _asn1_set_value (p, temp, tlen);
1205
1206 counter += len2;
1207 move = RIGHT;
1208 break;
1209 case ASN1_ETYPE_OCTET_STRING:
```
However, this seems to be a false positive since the DER format doesn't need the terminating null. I'd need confirmation from libtasn1 upstream.
## Version of libtasn1 used:
4.19
## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)
Upstream official tarball