projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4bae06d)
Fix CVE-2022-3602 in punycode decoder.
authorPauli <pauli@openssl.org>
Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)
committerTomas Mraz <tomas@openssl.org>
Tue, 1 Nov 2022 09:49:18 +0000 (10:49 +0100)
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/punycode.c patch | blob | history

diff --git a/crypto/punycode.c b/crypto/punycode.c
index 385b4b1df46a385312c3028c77d17a822200cc70..5e211af6d99dce676351e109d0d30637c6bc4c1c 100644 (file)
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -181,7 +181,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
         n = n + i / (written_out + 1);
         i %= (written_out + 1);
 
-        if (written_out > max_out)
+        if (written_out >= max_out)
             return 0;
 
         memmove(pDecoded + i + 1, pDecoded + i,
Unnamed repository; edit this file 'description' to name the repository.