(parent: 4bae06d)
Fix CVE-2022-3602 in punycode decoder.
author Pauli <pauli@openssl.org> Wed, 26 Oct 2022 23:21:41 +0000 (10:21 +1100)
committer Tomas Mraz <tomas@openssl.org> Tue, 1 Nov 2022 09:49:18 +0000 (10:49 +0100)
An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/punycode.c
diff --git
a/crypto/punycode.c
b/crypto/punycode.c
index 385b4b1df46a385312c3028c77d17a822200cc70..5e211af6d99dce676351e109d0d30637c6bc4c1c 100644
(file)
--- a/
crypto/punycode.c
+++ b/
crypto/punycode.c
@@
-181,7
+181,7
@@
int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
n = n + i / (written_out + 1);
i %= (written_out + 1);
- if (written_out > max_out)
+ if (written_out >
=
max_out)
return 0;
memmove(pDecoded + i + 1, pDecoded + i,
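Review bot: The corrected bound at `if (written_out >= max_out)` carries no comment explaining why equality must be rejected, and the visible diff touches only crypto/punycode.c, so nothing here pins the boundary with a test. The memmove that follows opens a slot at `pDecoded + i` by shifting from there to `pDecoded + i + 1`, which means the buffer grows by one element per iteration and `written_out` must be strictly less than `max_out` before the insert. Suggest a one-line comment above the check stating that invariant, plus a regression test that decodes an input producing exactly `max_out` code points and one producing `max_out + 1`, asserting that the second returns 0 and that memory past the output buffer is unchanged.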