[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file
Stephen Henson via RT
rt at openssl.org
Wed Aug 17 22:54:59 UTC 2016
On Wed Aug 17 18:16:41 2016, bmorton at mortoninsights.com wrote:
> That doesn't sound like an ideal case for a bugfix. Any other creative
> ideas on how to fix this one? Some suggestions I read previously included
> adding support for streaming decode to avoid such a large memory
> allocation. This may not easily be feasible because of needing to verify
> signatures on the message.
>
A streaming decode is one option but this is far from a trivial undertaking,
Verifying signatures would be handled on the fly but you'll only know the
signature is valid after all content has been processed of course.
> If not, I'll try out the size_t change.
>
This is a significant job too. There is a major knock on effect with several
APIs so it's not just a case of changing a few structures or we'd have done it
already. It is planned for a future release though.
As RIch mentioned one of the key structures has a dependency on int which is
often 32 bits even on 64 bit systems.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4651
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list