[openssl/openssl] 0d50c5: Fix CVE-2022-3602 in punycode decoder.

Tomáš Mráz noreply at github.com
Tue Nov 1 16:40:57 UTC 2022 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 0d50c5e28853e8ffafbf1d68cc8670d53e98dd5b
      https://github.com/openssl/openssl/commit/0d50c5e28853e8ffafbf1d68cc8670d53e98dd5b
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M crypto/punycode.c

  Log Message:
  -----------
  Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3)


  Commit: 4af7a0e48f48e5fb15bc3243ae9b135957c0236f
      https://github.com/openssl/openssl/commit/4af7a0e48f48e5fb15bc3243ae9b135957c0236f
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M crypto/punycode.c

  Log Message:
  -----------
  Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).

The function also did not NUL-terminate the output in some cases.

The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit c42165b5706e42f67ef8ef4c351a9a4c5d21639a)


  Commit: 355be308eb25614dc743fc30c6b6f1b2a447d30f
      https://github.com/openssl/openssl/commit/355be308eb25614dc743fc30c6b6f1b2a447d30f
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M test/build.info
    A test/punycode_test.c
    A test/recipes/04-test_punycode.t

  Log Message:
  -----------
  punycode: add unit tests

These tests verify basic functionality and specifically test for
CVE-2022-3602.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit f0f530216bf93e9cdc9c2c9e3c095229d216da15)


  Commit: 5e244a93778a59e756f626e3135455923ce29a22
      https://github.com/openssl/openssl/commit/5e244a93778a59e756f626e3135455923ce29a22
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Update CHANGES.md and NEWS.md for new release

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit cf889ec8d9e9bb89f012b4e610c702e2656674fd)


Compare: https://github.com/openssl/openssl/compare/f1b7a6c24750...5e244a93778a

More information about the openssl-commits mailing list