help-libtasn1
_asn1_expand_object_id uses null pointer as string


From: Pascal Cuoq
Subject: _asn1_expand_object_id uses null pointer as string
Date: Thu, 7 Apr 2016 10:03:38 +0000

Here is a minor issue with no security consequences (the description file is 
not usually under the control of an attacker).

With the specially crafted ASN.1 description attached to this message, using 
the current git version, the function _asn1_expand_object_id, at line 797, 
passes a null pointer as p4->value to the function _asn1_str_cat, which expects 
a pointer to a string: 
http://git.savannah.gnu.org/cgit/libtasn1.git/tree/lib/parser_aux.c?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625#n797

The call stack at the point of the crash is:

stack: strlen :: lib/gstr.c:34 <-
        _asn1_str_cat :: lib/parser_aux.c:797 <-
        _asn1_expand_object_id :: ASN1.y:704 <-
        asn1_parser2tree :: src/asn1Decoding.c:155 <-
        main

The command line to reproduce is:

src/asn1Decoding null_string.asn null_string.asn PKIX1.Certificate

Attachment: null_string.asn
Description: null_string.asn

Attachment: ATT00001.txt
Description: ATT00001.txt
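
The failure mode reported above, shown as an added example that is not part of the original message and is not libtasn1 code: a strlen-based append helper requires a non-null source, so the caller has to reject a node with a missing value before concatenating. The struct, function names and error codes are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins, not libtasn1's types or error codes. */
enum { OID_OK = 0, OID_VALUE_NOT_FOUND = 1, OID_TOO_LONG = 2 };

struct oid_node {
    const char *value;          /* NULL when the description gave no value */
    struct oid_node *next;
};

/* Bounded append; like any strlen-based helper it requires src != NULL
 * and a NUL-terminated dst that fits in dst_size. */
static int str_cat(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst), need = strlen(src);
    if (need >= dst_size - used)
        return OID_TOO_LONG;
    memcpy(dst + used, src, need + 1);
    return OID_OK;
}

/* Join the components as "a.b.c". A node whose value is missing is rejected
 * here; passing it on to str_cat would be the strlen(NULL) crash reported. */
int join_oid(const struct oid_node *n, char *out, size_t out_size)
{
    int rc;
    if (out == NULL || out_size == 0)
        return OID_TOO_LONG;
    out[0] = '\0';
    for (; n != NULL; n = n->next) {
        if (n->value == NULL)
            return OID_VALUE_NOT_FOUND;
        if (out[0] != '\0' && (rc = str_cat(out, out_size, ".")) != OID_OK)
            return rc;
        if ((rc = str_cat(out, out_size, n->value)) != OID_OK)
            return rc;
    }
    return OID_OK;
}

/* Constructed sample: the list 1.2.840, optionally with the last value missing. */
int demo(int drop_last_value, char *out, size_t out_size)
{
    struct oid_node c = { drop_last_value ? NULL : "840", NULL };
    struct oid_node b = { "2", &c };
    struct oid_node a = { "1", &b };
    return join_oid(&a, out, out_size);
}
```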