PEM_read_PUBKEY does memory corruption on malformed input - security issue?
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Oct 11 15:43:11 UTC 2023
On Wed, Oct 11, 2023 at 10:12:48AM +0200, Sascha Dierberg wrote:
> I am using PEM_read_PUBKEY to read following PEM from file:
>
> -----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqIBCgKCAQEA17SFrRcnYAjmxioP28zrouMe+CN0oQIDAQAB
> -----END PUBLIC KEY-----
>
> The content is invalid - I know, but after that memory in program code is
> corrupted. Functions they usually work fine does:
Without posting the concrete code that attempts to read the file, no
help is possible.
- What inputs are you passing to the PEM_read_PUBKEY function?
- How are the various inputs initialised?
- What does your code do on error?
- Just in case, though unlikely to matter, what version of OpenSSL
are you using?
--
Viktor.
More information about the openssl-users
mailing list