Fwd: Security issue (DoS) in Crypto++ ASN1 decoder
245 views
Skip to first unread message
Jeffrey Walton
Dec 12, 2016, 12:55:47 PM12/12/16
to Crypto++ Users List
FYI... We'll be asking for a CVE for the issue.
---------- Forwarded message ----------
From: Gergely Nagy <n...@tresorit.com>
Date: Mon, Dec 12, 2016 at 8:45 AM
Subject: Security issue (DoS) in Crypto++ ASN1 decoder
To: Jeffrey Walton <nolo...@gmail.com>
Cc: Tamás Koczka <koc...@tresorit.com>
Hi!
I have found a bug in several BERDecode* functions which could be used
for a DoS attack.
The issue is similar to CVE-2016-2109 in OpenSSL which was disclosed
in https://www.openssl.org/news/secadv/20160503.txt
Basically after the ASN1 decoder reads the length, it allocates a
SecByteBlock of that size before checking that there is enough data
available.
This can cause memory exhaustion on most platforms, but it has (in my
opinion) the worst effect on 64-bit Linux systems where the allocation
will succeed for huge sizes and then a BERDecodeError exception will
be thrown that causes the destructor of the SecByteBlock to be called,
which can hang the CPU for a really long time zeroing out memory.
I have attached a patch (for the current master branch) that fixes
this behavior in both versions of BERDecodeOctetString,
BERDecodeTextString,
BERDecodeBitString and BERDecodeUnsigned. I am not 100% sure that
there are no other places in the code with the same issue.
I don't know how you want to disclose this issue, but if you want to
assign a CVE number and release a new version before publicly
disclosing it
then we won't deploy our fix until then.
We will binary patch our software which includes a statically linked
Crypto++ after 30 days if we don't get a proper response.
When you disclose the issue please refer to me as "Gergely Nagy
(Tresorit)", and say that the bug was found using "honggfuzz".
Thanks,
Gergely Nagy (Tresorit)
---------- Forwarded message ----------
From: Gergely Nagy <n...@tresorit.com>
Date: Mon, Dec 12, 2016 at 8:45 AM
Subject: Security issue (DoS) in Crypto++ ASN1 decoder
To: Jeffrey Walton <nolo...@gmail.com>
Cc: Tamás Koczka <koc...@tresorit.com>
Hi!
I have found a bug in several BERDecode* functions which could be used
for a DoS attack.
The issue is similar to CVE-2016-2109 in OpenSSL which was disclosed
in https://www.openssl.org/news/secadv/20160503.txt
Basically after the ASN1 decoder reads the length, it allocates a
SecByteBlock of that size before checking that there is enough data
available.
This can cause memory exhaustion on most platforms, but it has (in my
opinion) the worst effect on 64-bit Linux systems where the allocation
will succeed for huge sizes and then a BERDecodeError exception will
be thrown that causes the destructor of the SecByteBlock to be called,
which can hang the CPU for a really long time zeroing out memory.
I have attached a patch (for the current master branch) that fixes
this behavior in both versions of BERDecodeOctetString,
BERDecodeTextString,
BERDecodeBitString and BERDecodeUnsigned. I am not 100% sure that
there are no other places in the code with the same issue.
I don't know how you want to disclose this issue, but if you want to
assign a CVE number and release a new version before publicly
disclosing it
then we won't deploy our fix until then.
We will binary patch our software which includes a statically linked
Crypto++ after 30 days if we don't get a proper response.
When you disclose the issue please refer to me as "Gergely Nagy
(Tresorit)", and say that the bug was found using "honggfuzz".
Thanks,
Gergely Nagy (Tresorit)
Jeffrey Walton
Dec 12, 2016, 4:13:59 PM12/12/16
to Crypto++ Users, nolo...@gmail.com
On Monday, December 12, 2016 at 12:55:47 PM UTC-5, Jeffrey Walton wrote:
FYI... We'll be asking for a CVE for the issue.
We requested a CVE on oss-security.
We are tracking this at https://github.com/weidai11/cryptopp/issues/346.
Jeff
Jeffrey Walton
Dec 12, 2016, 6:49:13 PM12/12/16
to Crypto++ Users, nolo...@gmail.com
CVE-2016-9939 was assigned for the issue.
Jeff
Jeffrey Walton
Dec 24, 2016, 5:44:09 AM12/24/16
to Crypto++ Users, nolo...@gmail.com
On Monday, December 12, 2016 at 12:55:47 PM UTC-5, Jeffrey Walton wrote:
FYI... We'll be asking for a CVE for the issue.
---------- Forwarded message ----------
From: Gergely Nagy <n...@tresorit.com>
Date: Mon, Dec 12, 2016 at 8:45 AM
Subject: Security issue (DoS) in Crypto++ ASN1 decoder
To: Jeffrey Walton <nolo...@gmail.com>
Cc: Tamás Koczka <koc...@tresorit.com>
Hi!
I have found a bug in several BERDecode* functions which could be used
for a DoS attack.
The issue is similar to CVE-2016-2109 in OpenSSL which was disclosed
in https://www.openssl.org/news/secadv/20160503.txt
Basically after the ASN1 decoder reads the length, it allocates a
SecByteBlock of that size before checking that there is enough data
available.
This can cause memory exhaustion on most platforms, but it has (in my
opinion) the worst effect on 64-bit Linux systems where the allocation
Tresorit's revised patch was committed at https://github.com/weidai11/cryptopp/commit/d0a6d43e16e4677d36bd0567978286938c1cfe6b.
The test cases for the issue was committed at https://github.com/weidai11/cryptopp/commit/7031fc7f6fb3c96ced8a1e86391d9bef2c007518.
We also improved parsing and validation in accordance with X.690 for some of the ASN.1 types at https://github.com/weidai11/cryptopp/commit/b19332a69fbd7b82f0e08c18f55a6880487d55e9.
We still have to improve parsing and validation in a couple of spots, like BERGeneralDecoder and Integer's decoder.
Jeff
Reply all
Reply to author
Forward
0 new messages