Fix CVE-2022-3602 in punycode decoder.

An off by one error in the punycode decoder allowed for a single unsigned int
overwrite of a buffer which could cause a crash and possible code execution.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
This commit is contained in:
Pauli 2022-10-27 10:21:41 +11:00 committed by Tomas Mraz
parent 4bae06d47a
commit fe3b639dc1

View File

@ -181,7 +181,7 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
n = n + i / (written_out + 1);
i %= (written_out + 1);
if (written_out > max_out)
if (written_out >= max_out)
return 0;
memmove(pDecoded + i + 1, pDecoded + i,