summaryrefslogtreecommitdiffstats
path: root/crypto/punycode.c
AgeCommit message (Collapse)Author
2022-11-01Update copyright yearTomas Mraz
Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
2022-11-01Fix CVE-2022-3786 in punycode decoder.Pauli
Fixed the ossl_a2ulabel() function which also contained a potential buffer overflow, albeit without control of the contents. This overflow could result in a crash (causing a denial of service). The function also did not NUL-terminate the output in some cases. The two issues fixed here were dentified and reported by Viktor Dukhovni while researching CVE-2022-3602. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
2022-11-01Fix CVE-2022-3602 in punycode decoder.Pauli
An off by one error in the punycode decoder allowed for a single unsigned int overwrite of a buffer which could cause a crash and possible code execution. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
2020-10-15Update copyright yearMatt Caswell
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13144)
2020-08-26Punycode decoding implementationDmitry Belyavskiy
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9654)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 12:11:16 +0000