Danaj/unsafe decoding #15

Merged
merged 2 commits into from
May 23, 2021
Conversation

@danaj danaj commented Oct 29, 2013

Fix for issue 14: "Unsafe decoding creates infinite loop".

Version 0.26 on CPAN is missing both position checks. The commit a year ago for issue 8 added one of them. This adds the other.

I did not add anything to the tests. Issue 14 has a simple test shown.

These changes should help with RT 27574 for Convert::PEM.

danaj commented Oct 12, 2017

I believe this PR is still valid. The example shown in issue 14 still goes into an infinite loop with 0.27, but does not with this change.

This bug is hit by Convert::PEM's test suite, making a number of crypto modules dodgy to install.
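
An added illustration of the kind of position checks this thread is about, written for this page and not taken from the PR's patch or from Convert::ASN1: a small Python walker over BER elements that handles the indefinite-length form and refuses to read past the buffer or loop without advancing. The names `read_header`, `skip_element`, `is_well_formed`, `MAX_DEPTH` and the sample bytes are assumptions made for the sketch.

```python
MAX_DEPTH = 32  # assumed nesting limit for this sketch

class BERError(ValueError):
    """Malformed or truncated BER input."""

def read_header(buf, pos, end):
    """Parse identifier and length octets; length None means indefinite."""
    if pos + 2 > end:
        raise BERError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise BERError("multi-byte tags are outside this sketch")
    pos += 2
    if first < 0x80:                      # short definite form
        return tag, first, pos
    if first == 0x80:                     # indefinite form
        if not tag & 0x20:
            raise BERError("indefinite length on a primitive element")
        return tag, None, pos
    n = first & 0x7F                      # long definite form
    if pos + n > end:
        raise BERError("truncated length octets")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def skip_element(buf, pos, end, depth=0):
    """Return the offset just past the element that starts at pos."""
    if depth > MAX_DEPTH:
        raise BERError("nesting too deep")
    _tag, length, pos = read_header(buf, pos, end)
    if length is not None:
        if length > end - pos:            # content must fit in the buffer
            raise BERError("content runs past end of buffer")
        return pos + length
    while True:                           # indefinite: walk to 00 00
        if pos + 2 > end:                 # never read past the buffer
            raise BERError("missing end-of-contents octets")
        if buf[pos] == 0 and buf[pos + 1] == 0:
            return pos + 2
        nxt = skip_element(buf, pos, end, depth + 1)
        if nxt <= pos:                    # every iteration must advance
            raise BERError("decoder made no progress")
        pos = nxt

def is_well_formed(buf):
    try:
        return skip_element(buf, 0, len(buf)) == len(buf)
    except BERError:
        return False
# Constructed sample: SEQUENCE (indefinite) + INTEGER 5, end-of-contents missing
TRUNCATED = bytes.fromhex("3080020105")
```

`is_well_formed(TRUNCATED)` returns `False` immediately; a regression test for a decoder can assert the same fail-fast behaviour on truncated indefinite-length input.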

gentoo-bot pushed a commit to gentoo/gentoo that referenced this pull request Jun 28, 2020
- EAPI7
- Remove empty/unused variable assignments
- Add patch submitted to upstream repo to remedy CVE-2013-7488

Bug: https://bugs.gentoo.org/716680
Bug: gbarr/perl-Convert-ASN1#15
Bug: gbarr/perl-Convert-ASN1#14
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821879
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Kent Fredric <kentnl@gentoo.org>
NeddySeagoon pushed a commit to NeddySeagoon/gentoo-arm64 that referenced this pull request Jun 29, 2020
timlegge added a commit to timlegge/perl-Convert-ASN1 that referenced this pull request May 21, 2021
From ce148a2 Mon Sep 17 00:00:00 2001
From: Dana Jacobsen <dana@acm.org>
Date: Tue, 29 Oct 2013 08:37:48 -0700
Subject: [PATCH 1/2] Fix unsafe decoding in indef case

From 8125d99 Mon Sep 17 00:00:00 2001
From: Dana Jacobsen <dana@acm.org>
Date: Tue, 29 Oct 2013 08:53:09 -0700
Subject: [PATCH 2/2] Add second part of position check
@timlegge timlegge self-assigned this May 22, 2021
@timlegge timlegge added this to the 0.28-TRIAL milestone May 22, 2021
@timlegge timlegge linked an issue May 22, 2021 that may be closed by this pull request
@timlegge timlegge merged commit 108e784 into gbarr:master May 23, 2021
timlegge added a commit to timlegge/perl-Convert-ASN1 that referenced this pull request May 23, 2021
Successfully merging this pull request may close these issues.

Unsafe decoding creates infinite loop