oss-security - Null pointer access in inflatehd tool (nghttp2)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Thu, 4 Jun 2015 00:29:04 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Null pointer access in inflatehd tool (nghttp2)

https://blog.fuzzing-project.org/14-Null-pointer-access-in-inflatehd-tool-nghttp2.html

The nghttp2 library ships two tools to parse http headers packed with
the hpack algorithm. An invalid input file can crash the inflatehd
tool. This is a bug in the tool, there is no issue in the library.

This issue was fixed in version 0.7.15 of nghttp2.

One day of fuzzing both the inflatehd and deflatehd turned up no other
issues.

Sample input file
https://crashes.fuzzing-project.org/nghttp2-inflatehd-nullptr
Git commit / patch
https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
Upstream bug report
https://github.com/tatsuhiro-t/nghttp2/issues/235
nghttp 0.7.15 release notes
https://github.com/tatsuhiro-t/nghttp2/releases/tag/v0.7.15

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.