Actions
Bug #4298
closedssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL
Affected Versions:
Effort:
Difficulty:
Label:
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28399
First we being parsing SSLV3_HANDSHAKE_PROTOCOL
We set message_start, bytes_processed and message_length in SSLv3ParseHandshakeProtocol
Then, we break out of this SSLV3_HANDSHAKE_PROTOCOL parsing because the other side of the connexion set SSL_AL_FLAG_CHANGE_CIPHER_SPEC
This leads to increasing bytes_processed at the end of SSLv3Decode
Then, we do not break anymore out of this SSLV3_HANDSHAKE_PROTOCOL parsing because the other side set SSL_AL_FLAG_STATE_CLIENT_HELLO
And bytes_processed is now over message_start + message_length
Updated by Jeff Lucovsky almost 4 years ago
- Copied from Bug #4233: ssl : Integer underflow in ssl parsing SSLV3_HANDSHAKE_PROTOCOL added
Updated by Victor Julien over 3 years ago
- Status changed from Assigned to In Progress
- Assignee changed from Shivani Bhardwaj to Victor Julien
Updated by Victor Julien over 3 years ago
- Status changed from In Progress to Closed
Actions