sivagopi059 at gmail.com
Fri Sep 16 07:09:30 UTC 2016
And a small understanding.
We are supplying buffer is about to 128 bytes to fill the converted message,
So, if the obj(ASN1_OBJECT) size is more than that(supplied buffer) size
OBJ_obj2txt will do truncate and will return the obj(ASN1_OBJECT) message
length. It results in more than 128(returned length) bytes. Because of this
crash is happening.
In which scenario the OBJ_obj2txt() truncates the supplied message.
View this message in context: http://openssl.6102.n7.nabble.com/CVE-2016-2180-tp67815p68392.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
More information about the openssl-users