Skip to content

Commit

Permalink
Release 0.7.3. (#75)
Browse files Browse the repository at this point in the history 
This release fixes a number of decoding issues that can lead to panics on
invalid input data. They have been assigned CVE-2023-39914.

Bug fixes

* Fixes various decoding that lead to a panic on invalid data.
  Specifically:
    * error out rather than panic when a nested value has a greater length
      than allowed by the outer value,
    * check that there is enough data available before skipping over a
      primitive value’s content,
    * check that enough data is available before trying to parse a tag value,
    * check for correct encoding of bit strings: don’t allow the number of
      unused bits to be greater than 7 and that they are zero for an empty
      bit string,
    * check for correct encoding of object identifiers: they cannot be empty
      and the last byte must have bit 7 cleared.
  • Loading branch information
@partim
partim authored Sep 13, 2023
1 parent 4da91c3 commit 6a7250a
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "bcder"
version = "0.7.3-dev"
version = "0.7.3"
edition = "2018"
authors = ["The NLnet Labs RPKI Team <rpki-team@nlnetlabs.nl>"]
description = "Handling of data encoded in BER, CER, and DER."
Expand Down
20 changes: 16 additions & 4 deletions Changelog.md
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,26 @@
# Change Log

## Unreleased next version
## 0.7.3

Breaking changes
Release 2023-09-13.

New
This release fixes a number of decoding issues that can lead to panics on
invalid input data. They have been assigned CVE-2023-39914.

Bug fixes

Other changes
* Fixes various decoding that lead to a panic on invalid data.
Specifically:
* error out rather than panic when a nested value has a greater length
than allowed by the outer value,
* check that there is enough data available before skipping over a
primitive value’s content,
* check that enough data is available before trying to parse a tag value,
* check for correct encoding of bit strings: don’t allow the number of
unused bits to be greater than 7 and that they are zero for an empty
bit string,
* check for correct encoding of object identifiers: they cannot be empty
and the last byte must have bit 7 cleared.


## 0.7.2
Expand Down

0 comments on commit 6a7250a

Please sign in to comment.