oss-sec mailing list archives
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Tue, 24 Apr 2012 16:26:38 +0200
On Sun, Apr 22, 2012 at 07:44:56PM +0400, Solar Designer wrote:
With this one, I am able to trigger a problem on 32-bit (OpenSSL 1.0.0d with unrelated patches): $ zcat openssl-1.0.1-testcase-32bit.crt.gz | openssl x509 -inform DER *** glibc detected *** free(): invalid pointer: 0x45ff0008 *** Aborted That's in an OpenVZ container with privvmpages barrier at 3 GB. With 2 GB, I was getting: $ zcat openssl-1.0.1-testcase-32bit.crt.gz | openssl x509 -inform DER unable to load certificate 3083651232:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc failure:buffer.c:152: 3083651232:error:0D06B041:asn1 encoding routines:ASN1_D2I_READ_BIO:malloc failure:a_d2i_fp.c:229: Alexander
Interesting, I think it should be possible to construct a testcase that requires less memory, the total input must be quite large, but it can be split into smaller components that don't require large allocations. Tavis. -- ------------------------------------- taviso () cmpxchg8b com | pgp encrypted mail preferred -------------------------------------------------------
Current thread:
- OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 20)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)