PKCS7 parser accepts invalid messages #6671

Closed
DemiMarie opened this issue Nov 28, 2022 · 0 comments · Fixed by #7077

Comments

@DemiMarie
Contributor

Summary

I found various bugs in the PKCS7 parser. These are not the memory safety problems found by OSS-Fuzz, but rather cases where the code did not conform to the standard or had an API that was virtually unusable.

System information

Mbed TLS version (number or commit id): 590ae53
Operating system and version: All
Configuration (if not default, please attach mbedtls_config.h): Default
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): N/A
Additional environment information: This was found by manual source review

Expected behavior

PKCS7 parser rejects invalid messages and provides a way to obtain the signed data.

Actual behavior

PKCS7 parser accepts invalid messages and does not provide a way to obtain the signed data.

Steps to reproduce

Review the source code.

Additional information

I have a patch.
