[openssl/openssl] 3b421e: Fix CVE-2022-3602 in punycode decoder.

Pauli noreply at github.com
Tue Nov 1 16:46:55 UTC 2022 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 3b421ebc64c7b52f1b9feb3812bdc7781c784332
      https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M crypto/punycode.c

  Log Message:
  -----------
  Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3)


  Commit: 680e65b94c916af259bfdc2e25f1ab6e0c7a97d6
      https://github.com/openssl/openssl/commit/680e65b94c916af259bfdc2e25f1ab6e0c7a97d6
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M crypto/punycode.c

  Log Message:
  -----------
  Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential
buffer overflow, albeit without control of the contents.
This overflow could result in a crash (causing a denial of service).

The function also did not NUL-terminate the output in some cases.

The two issues fixed here were dentified and reported
by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit c42165b5706e42f67ef8ef4c351a9a4c5d21639a)


  Commit: a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8
      https://github.com/openssl/openssl/commit/a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8
  Author: Pauli <pauli at openssl.org>
  Date:   2022-11-01 (Tue, 01 Nov 2022)

  Changed paths:
    M test/build.info
    A test/punycode_test.c
    A test/recipes/04-test_punycode.t

  Log Message:
  -----------
  punycode: add unit tests

These tests verify basic functionality and specifically test for
CVE-2022-3602.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(cherry picked from commit f0f530216bf93e9cdc9c2c9e3c095229d216da15)


Compare: https://github.com/openssl/openssl/compare/89d723113277...a0af4a3c8b18

More information about the openssl-commits mailing list