projects / platform / upstream / libtasn1.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad4da44) | patch
Fix CVE-2017-10790 vulnerability 11/153911/2 accepted/tizen/unified/20171011.150545 submit/tizen/20171005.115455
authorPawel Kowalski <p.kowalski2@partner.samsung.com>
Tue, 3 Oct 2017 09:23:45 +0000 (11:23 +0200)
committerPawel Kowalski <p.kowalski2@partner.samsung.com>
Tue, 3 Oct 2017 09:40:22 +0000 (11:40 +0200)
commit52e10d8471cd9e6572d85b4bf15e599bc60b3ce5
tree93ea034905128ff8c5ee34104b2309ce511a274ftree | snapshot
parentad4da44b187d499978846cf66ffdfe081568e796commit | diff
Fix CVE-2017-10790 vulnerability

The patch fixes CVE-2017-10790 vulnerability:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790
https://bugzilla.redhat.com/show_bug.cgi?id=1464141#c5
The _asn1_check_identifier function caused a NULL pointer dereference
and crashed when a NULL value was assigned to value member in
asn1_node. It could lead to a remote DOS attack.

(cherry-picked from upstream d8d805e1f2e6799bb2dff4871a8598dc83088a39)

Change-Id: I4136fe2df14980581cfdc6ec619742967449349c
lib/parser_aux.c diff | blob | history
Domain: Security / Utilities;