Fix CVE-2022-3786 in punycode decoder.
authorPauli <pauli@openssl.org>
Wed, 26 Oct 2022 23:22:47 +0000 (10:22 +1100)
committerTomas Mraz <tomas@openssl.org>
Tue, 1 Nov 2022 09:49:18 +0000 (10:49 +0100)
commitc42165b5706e42f67ef8ef4c351a9a4c5d21639a
treec7d42a14c7edb88971fb1f8feb8353870b242ffc
parentfe3b639dc19b325846f4f6801f2f4604f56e3de3
Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).

The function also did not NUL-terminate the output in some cases.

The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/punycode.c