PEM_read_PUBKEY does memory corruption on malformed input - security issue?
Sascha Dierberg
dierberg at dresearch-fe.de
Wed Oct 11 17:19:36 UTC 2023
Thanks for the reply, see
https://github.com/openssl/openssl/issues/22349 too.
Am 11.10.2023 um 17:43 schrieb Viktor Dukhovni:
> On Wed, Oct 11, 2023 at 10:12:48AM +0200, Sascha Dierberg wrote:
>
>> I am using PEM_read_PUBKEY to read following PEM from file:
>>
>> -----BEGIN PUBLIC KEY-----
>> MIIBIjANBgkqIBCgKCAQEA17SFrRcnYAjmxioP28zrouMe+CN0oQIDAQAB
>> -----END PUBLIC KEY-----
>>
>> The content is invalid - I know, but after that memory in program code is
>> corrupted. Functions they usually work fine does:
> Without posting the concrete code that attempts to read the file, no
> help is possible.
>
> - What inputs are you passing to the PEM_read_PUBKEY function?
> - How are the various inputs initialised?
> - What does your code do on error?
> - Just in case, though unlikely to matter, what version of OpenSSL
> are you using?
>
More information about the openssl-users
mailing list