[Pkg-openssl-devel] Bug#675436: openssl: Buffer overflow vulnerability
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sun Mar 13 15:40:58 UTC 2016
I tried to reproduce the bug and before that I look at
PEM_def_callback() / EVP_read_pw_string_min() where the input password
is read / checked for valid length. The limit is sometimes 1024 sometimes
larger but it never overwrites anything.
I tried various tests ala
openssl x509 -days 3650 -CA cacert.pem -CAkey cakey.pem -req -in \
cert-req.pem -outform PEM -out cert.pem -CAserial serial \
-passin $PASS
with $PASS in "pass:, env: file: and fd:" and a length of 4101 and 9101
bytes (x…x + \n) and never saw stack-protector screaming up.
There are no additional information in the bugtraq report [0] or here. If
there was something it might have been fixed by now. At least I can't find
any evidence in current version.
Any reason not to close this bug?
[0] http://seclists.org/bugtraq/2012/May/155
Sebastian
More information about the Pkg-openssl-devel
mailing list