Assertion failure: child_found_tag_number < SEC_ASN1_HIGH_TAG_NUMBER, at ../../lib/util/secasn1d.c:2210
Categories: NSS :: Libraries, defect
Tracking: firefox-esr102 wontfix, firefox109 wontfix, firefox110 wontfix, firefox111 wontfix, firefox112 fixed
People: Reporter: decoder, Assigned: jschanck
Details: Keywords: crash, sec-other, testcase, Whiteboard: [nss-triage][post-critsmash-triage][adv-main112-]
Attachments: 3 files
The attached testcase crashes on nss revision a3669ed2c606+ (debug build with ASan/fuzzing).
For detailed crash information, see attachment.
To reproduce the issue, perform the following steps:
- Build NSS with fuzzing enabled and patch from bug 1804646 applied:
  ./build.sh --asan --clang --fuzz
  (assuming mozbuild clang/clang++ is on PATH and matching NSPR with ASan is installed/used).
- Run
  nssfuzz-pkcs12 test.bin
I don't think this is a security problem but keeping this hidden until all PKCS12 issues are resolved and the fuzzer itself is public.
Comment 3 • 1 year ago
The severity field is not set for this bug.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 4 (Assignee) • 1 year ago
If a template has an OPTIONAL field, and we find that the input does not match
that field's tag number, we mark the field as missing. If the next field is an
ASN.1 ANY, we need to write the previously-parsed tag number out. Since high
tag number forms are rare, we never implemented the necessary re-encoding of
multi-byte tags, and we noted this with an assertion. That assertion is
remotely triggerable in debug builds. This patch removes the assertion and
returns a SEC_ERROR_LIBRARY_FAILURE instead.
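
The identifier-octet handling that comment 4 describes, as an added C example that is not NSS code and not part of the patch: `reemit_single_octet` mirrors the patched behaviour (fail cleanly instead of asserting when the tag number needs the high form), while `encode_identifier` goes beyond the patch and shows the multi-byte re-encoding it leaves unimplemented. All function names and the `HIGH_TAG` macro are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#define HIGH_TAG 0x1f /* low five bits all set: tag number follows in base-128 octets */

/* Parse identifier octets; returns bytes consumed, or -1 if truncated or malformed. */
int parse_identifier(const uint8_t *in, size_t len, uint8_t *mods, uint32_t *tag)
{
    if (len == 0) return -1;
    *mods = in[0] & 0xe0;                            /* class and constructed bits */
    *tag = in[0] & 0x1f;
    if (*tag != HIGH_TAG) return 1;                  /* low-tag-number form */
    *tag = 0;
    for (size_t i = 1; i < len; i++) {
        if (i == 1 && !(in[i] & 0x7f)) return -1;    /* X.690 forbids a leading zero group */
        if (*tag >> 25) return -1;                   /* next shift would overflow 32 bits */
        *tag = (*tag << 7) | (in[i] & 0x7f);
        if (!(in[i] & 0x80)) return (int)i + 1;      /* bit 8 clear ends the number */
    }
    return -1;                                       /* ran out of input */
}

/* Single-octet re-emit: reports failure for high tag numbers instead of asserting. */
int reemit_single_octet(uint8_t mods, uint32_t tag, uint8_t *out)
{
    if (tag >= HIGH_TAG) return -1;                  /* caller maps this to an error code */
    out[0] = mods | (uint8_t)tag;
    return 1;
}

/* General re-emit (assumption: not in the patch); returns bytes written, or -1. */
int encode_identifier(uint8_t mods, uint32_t tag, uint8_t *out, size_t outlen)
{
    size_t groups = 1;
    if (tag < HIGH_TAG) return outlen ? reemit_single_octet(mods, tag, out) : -1;
    for (uint32_t t = tag >> 7; t; t >>= 7) groups++;
    if (outlen < 1 + groups) return -1;
    out[0] = mods | HIGH_TAG;
    for (size_t i = 0; i < groups; i++)
        out[1 + i] = ((tag >> (7 * (groups - 1 - i))) & 0x7f) | (i + 1 < groups ? 0x80 : 0);
    return (int)(1 + groups);
}

int main(void)
{
    const uint8_t id[] = { 0xbf, 0x81, 0x00 };       /* constructed: context [128], constructed */
    uint8_t mods, out[6]; uint32_t tag;
    int n = parse_identifier(id, sizeof id, &mods, &tag);
    return !(n == 3 && encode_identifier(mods, tag, out, sizeof out) == n);
}
```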