This shouldn't have happened: A vulnerability postmortem
Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden att...
Click to view the original at googleprojectzero.blogspot.com
Hasnain says:
Terrible bug aside, this was a great postmortem and actionable set of follow-ups.
inb4 rust rewrite though.
"The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.
Okay, but what happens if you just....make a signature that’s bigger than that?
Well, it turns out the answer is memory corruption. Yes, really.
The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data."
Posted on 2021-12-02T02:53:26+0000