authorPauli <pauli@openssl.org>2022-10-27 10:21:41 +1100
committerTomas Mraz <tomas@openssl.org>2022-11-01 17:43:55 +0100
commit3b421ebc64c7b52f1b9feb3812bdc7781c784332 (patch)
tree369de6d467a5d5d724646373835ca19416713e24 /crypto/punycode.c
parent89d72311327735ef15c804d2adea84a0fb1bfa0a (diff)
Fix CVE-2022-3602 in punycode decoder.
An off by one error in the punycode decoder allowed for a single unsigned int overwrite of a buffer which could cause a crash and possible code execution. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3)
Diffstat (limited to 'crypto/punycode.c')
-rw-r--r--crypto/punycode.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/punycode.c b/crypto/punycode.c
index f6d7ff7960..f0796163e3 100644
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -181,7 +181,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
n = n + i / (written_out + 1);
i %= (written_out + 1);
- if (written_out > max_out)
+ if (written_out >= max_out)
return 0;
memmove(pDecoded + i + 1, pDecoded + i,
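Review bot: The corrected guard `if (written_out >= max_out)` carries no comment stating the invariant it protects. The memmove that follows shifts entries up to `pDecoded + i + 1`, so, assuming max_out counts elements of pDecoded, the buffer must have room for `written_out + 1` entries before the shift runs. I would add `/* inserting one code point needs written_out + 1 <= max_out */` directly above the check so the inclusive comparison is not "simplified" back later. This page is limited to crypto/punycode.c, so it does not show whether a regression test covers the exact boundary (a decode that fills the output to max_out entries and then sees one more code point); that is worth confirming, because a one-element overrun may not crash without a sanitizer build. The body of ossl_punycode_decode, including the rest of the memmove call, continues outside the hunk.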