encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. #11154

agl · 2015-06-10T22:10:05Z

Thanks to Kyle Isom for fuzzing and finding that it's possible to panic encoding/asn1.Unmarshal when ASN.1 data is truncated after an explicit tag.

This can affect the parsing of various ASN.1 structures, most importantly X.509 certificates. TLS servers without client-authentication enabled (which is the vast majority of them) should be unaffected. Also, even with client-authentication enabled, calling code often catches and handles any panics.

TLS clients can be forced into panicking if the server sends a suitably crafted certificate.

gopherbot · 2015-06-10T23:00:21Z

CL https://golang.org/cl/10712 mentions this issue.

agl self-assigned this Jun 10, 2015

bradfitz changed the title ~~Truncated ASN.1 with explicitly tagged elements can panic.~~ encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. Jun 10, 2015

ianlancetaylor added this to the Go1.5 milestone Jun 10, 2015

agl closed this as completed in 38e3427 Jun 13, 2015

agl mentioned this issue Jun 13, 2015

encoding/asn1: index out of range #11129

Closed

golang locked and limited conversation to collaborators Jun 25, 2016

gopherbot added the FrozenDueToAge label Jun 25, 2016

rsc unassigned agl Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. #11154

encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. #11154

agl commented Jun 10, 2015

gopherbot commented Jun 10, 2015

encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. #11154

encoding/asn1: truncated ASN.1 with explicitly tagged elements can panic. #11154

Comments

agl commented Jun 10, 2015

gopherbot commented Jun 10, 2015