Fixes:
CVE-2016-4356 - "Fix encoding of invalid utf-8 strings in
dn.c" and "read access out of bounds".
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes (no CVEs assigned yet):
* integer overflow in the DN decoder src/dn.c (append_quoted,
append_atv)
* integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s)
* denial of service due to stack overflow in src/ber-decoder.c
(push_decoder_state, pop_decoder_state)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Fixes a buffer overflow in ksba_oid_to_str.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>