Keep watch for DoS resolution in weidai11/cryptopp#346
Created by: anonimal
By submitting this issue, I confirm the following:
- I have read and understood the contributor guide.
- I have checked that the issue I am reporting can be replicated or that the feature I am suggesting is not present.
- I have checked opened or recently closed pull requests for existing solutions/implementations to my issue/suggestion.
Place an X inside the bracket to confirm
-
I confirm.
From https://github.com/weidai11/cryptopp/issues/346:
I have attached a patch (for the current master branch) that fixes this behavior in both versions of BERDecodeOctetString, BERDecodeTextString, BERDecodeBitString and BERDecodeUnsigned. I am not 100% sure that there are no other places in the code with the same issue.
We use BERDecodeTextString
and BERDecodeUnsigned
in our x509 impl (as well as other BER classes/functions).