Source:

Internal

Info:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows 

remote attackers to have unspecified impact via unknown vectors.

Status:

Need to determine if this patch has been sent upstream.

--- libtasn1-2.8/lib/parser_aux.c.orig	2015-04-15 12:36:59.603251259 +0530

+++ libtasn1-2.8/lib/parser_aux.c	2015-04-15 12:38:34.145677358 +0530

@@ -580,7 +580,7 @@ _asn1_delete_list_and_nodes (void)

 char *

-_asn1_ltostr (long v, char *str)

+_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])

 {

   long d, r;

   char temp[20];

@@ -604,7 +604,7 @@ _asn1_ltostr (long v, char *str)

       count++;

       v = d;

     }

-  while (v);

+  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));

   for (k = 0; k < count; k++)

     str[k + start] = temp[start + count - k - 1];

--- libtasn1-2.8/lib/parser_aux.h.orig	2015-04-15 12:38:41.020519734 +0530

+++ libtasn1-2.8/lib/parser_aux.h	2015-04-15 12:40:23.768693524 +0530

@@ -63,7 +63,9 @@ void _asn1_delete_list (void);

 void _asn1_delete_list_and_nodes (void);

-char *_asn1_ltostr (long v, char *str);

+/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */

+#define LTOSTR_MAX_SIZE 22

+char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);

 ASN1_TYPE _asn1_find_up (ASN1_TYPE node);