PEM_read_PUBKEY does memory corruption on malformed input - security issue?

[Sascha Dierberg]

Hello openssl users,

I amusing PEM_read_PUBKEY to read following PEM from file:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqIBCgKCAQEA17SFrRcnYAjmxioP28zrouMe+CN0oQIDAQAB
-----END PUBLIC KEY-----

The content is invalid - I know, but after that memory in program code is
corrupted. Functions they usually work fine does:

(process:12463): libsoup-CRITICAL **: 07:05:00.453:
soup_connection_get_ever_used: assertion 'SOUP_IS_CONNECTION (conn)' failed
(process:12463): libsoup-WARNING **: 07:05:06.026:
(../libsoup-2.74.2/libsoup/soup-session.c:2023):soup_session_process_queue_item:
runtime check failed: (item->new_api)

Any recommendations? Help would be appreciated.

Thanks in advance - Sascha

-- 
Mit freundlichen Grüßen • With best regards - Sascha Dierberg Senior
Software Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231011/2e2e65e5/attachment.htm>