Branch: refs/heads/master
Home: https://github.com/openssl/openssl

Commit: 3b421ebc64c7b52f1b9feb3812bdc7781c784332
    https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332
Author: Pauli <pa...@openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)

Changed paths:
    M crypto/punycode.c

Log Message:
-----------
Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(cherry picked from commit fe3b639dc19b325846f4f6801f2f4604f56e3de3)


Commit: 680e65b94c916af259bfdc2e25f1ab6e0c7a97d6
    https://github.com/openssl/openssl/commit/680e65b94c916af259bfdc2e25f1ab6e0c7a97d6
Author: Pauli <pa...@openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)

Changed paths:
    M crypto/punycode.c

Log Message:
-----------
Fix CVE-2022-3786 in punycode decoder.

Fixed the ossl_a2ulabel() function which also contained a potential buffer overflow, albeit without control of the contents. This overflow could result in a crash (causing a denial of service).

The function also did not NUL-terminate the output in some cases.

The two issues fixed here were identified and reported by Viktor Dukhovni while researching CVE-2022-3602.

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(cherry picked from commit c42165b5706e42f67ef8ef4c351a9a4c5d21639a)


Commit: a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8
    https://github.com/openssl/openssl/commit/a0af4a3c8b18c435a5a4afb28b3ad1a2730e6ea8
Author: Pauli <pa...@openssl.org>
Date: 2022-11-01 (Tue, 01 Nov 2022)

Changed paths:
    M test/build.info
    A test/punycode_test.c
    A test/recipes/04-test_punycode.t

Log Message:
-----------
punycode: add unit tests

These tests verify basic functionality and specifically test for CVE-2022-3602.

Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(cherry picked from commit f0f530216bf93e9cdc9c2c9e3c095229d216da15)


Compare: https://github.com/openssl/openssl/compare/89d723113277...a0af4a3c8b18