forked from rpms/openssl
6dc7017559
- fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)
26 lines
1022 B
Diff
26 lines
1022 B
Diff
Dr S N Henson of the OpenSSL core team and Open Network Security
|
|
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
|
|
the test suite was run against OpenSSL two denial of service
|
|
vulnerabilities were discovered.
|
|
|
|
During the parsing of certain invalid ASN1 structures an error
|
|
condition is mishandled. This can result in an infinite loop which
|
|
consumes system memory. CVE-2006-2938
|
|
|
|
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
|
|
affected. This includes SSL servers which enable client authentication
|
|
and S/MIME applications.
|
|
|
|
This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
|
|
|
|
--- openssl-0.9.8b/crypto/asn1/tasn_dec.c.asn1-error 2006-02-19 14:45:22.000000000 +0100
|
|
+++ openssl-0.9.8b/crypto/asn1/tasn_dec.c 2006-09-25 12:01:14.000000000 +0200
|
|
@@ -832,6 +832,7 @@
|
|
}
|
|
else if (ret == -1)
|
|
return -1;
|
|
+ ret = 0;
|
|
/* SEQUENCE, SET and "OTHER" are left in encoded form */
|
|
if ((utype == V_ASN1_SEQUENCE)
|
|
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
|