I found various bugs in the PKCS7 parser. These are not the memory safety problems found by OSS-Fuzz, but rather cases where the code did not conform to the standard or had an API that was virtually unusable.
System information
Mbed TLS version (number or commit id): 590ae53
Operating system and version: All
Configuration (if not default, please attach mbedtls_config.h): Default
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): N/A
Additional environment information: This was found by manual source review
Expected behavior
PKCS7 parser rejects invalid messages and provides a way to obtain the signed data.
Actual behavior
PKCS7 parser accepts invalid messages and does not provide a way to obtain the signed data.
Steps to reproduce
Review the source code.
Additional information
I have a patch.