Fixed chunked decoding in case of errors (if decoding failed at some point, subsequen... master
author Thomas Pornin <thomas.pornin@nccgroup.com>
Sat, 4 Apr 2026 15:18:55 +0000 (11:18 -0400)
committer Thomas Pornin <thomas.pornin@nccgroup.com>
Sat, 4 Apr 2026 15:18:55 +0000 (11:18 -0400)
commit 3479195d052cc59db5358730ff3ad829abb7aced
tree c9b518d87a363bed0e73941daee58fafc7ed9a45
parent 3d9be2f60b7764e46836514bcd6e453abdfa864a
Fixed chunked decoding in case of errors (if decoding failed at some point, subsequent chunks should be ignored, trying to reenter the decoder after a failure is a recipe for Bad Thing). Impacted functions were not used over malicious on-the-wire data for "normal" SSL/TLS usage.

Bug was reported by Thai Duong at Calif.io (apparently using some AI from Anthropic Research).
src/x509/skey_decoder.c
src/x509/skey_decoder.t0
src/x509/x509_decoder.c
src/x509/x509_decoder.t0
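
The rule stated in the commit message (after a decoding failure, later chunks are ignored), as a generic sketch added here; it is not BearSSL's code. The toy record format and every `toy_*` / `ST_*` / `ERR_*` name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy push decoder (constructed for illustration): one record made of
   tag 0x30, one length byte (< 0x80), then that many value bytes. */
enum { ST_TAG, ST_LEN, ST_VALUE, ST_DONE };
enum { ERR_OK = 0, ERR_BAD_TAG, ERR_BAD_LEN, ERR_TRAILING };

typedef struct {
    int state;          /* position in the record */
    int err;            /* sticky: once non-zero, never cleared by push */
    size_t remaining;   /* value bytes still expected */
    size_t stored;      /* bytes written to value[] so far */
    uint8_t value[127]; /* large enough for the biggest legal length */
} toy_decoder;

void toy_init(toy_decoder *dc) { memset(dc, 0, sizeof *dc); }

/* Feed one chunk. A decoder that has failed ignores all later chunks. */
void toy_push(toy_decoder *dc, const uint8_t *buf, size_t len)
{
    if (dc->err != ERR_OK) return;   /* the guard: no re-entry after failure */
    for (size_t i = 0; i < len; i++) {
        uint8_t b = buf[i];
        switch (dc->state) {
        case ST_TAG:
            if (b != 0x30) { dc->err = ERR_BAD_TAG; return; }
            dc->state = ST_LEN;
            break;
        case ST_LEN:
            if (b >= 0x80) { dc->err = ERR_BAD_LEN; return; }
            dc->remaining = b;
            dc->state = b ? ST_VALUE : ST_DONE;
            break;
        case ST_VALUE:
            dc->value[dc->stored++] = b;
            if (--dc->remaining == 0) dc->state = ST_DONE;
            break;
        default:                     /* ST_DONE: nothing more is expected */
            dc->err = ERR_TRAILING;
            return;
        }
    }
}

/* A result is usable only if decoding finished and never failed. */
int toy_ok(const toy_decoder *dc) { return dc->err == ERR_OK && dc->state == ST_DONE; }
```

Callers read the result only through `toy_ok()`, so a decoder that failed on an early chunk can never be mistaken for a finished one, whatever is pushed afterwards.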