Opened 7 years ago
Closed 7 years ago
#9288 closed enhancement (fixed)
libtasn1-4.12
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Change History (3)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
- Noteworthy changes in release 4.12 (released 2017-05-29) [stable]
- Corrected so-name version
- Noteworthy changes in release 4.11 (released 2017-05-27) [stable]
- Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields.
- Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields.
- Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names. Reported by Jakub Jirasek.
Note:
See TracTickets
for help on using tickets.
