wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8713 commits 20 branches 302 tags 153 MiB
Commit graph

16 commits

Author SHA1 Message Date
Dr. Stephen Henson
8d038a08fb The fix for CVE-2012-2110 did not take into account that the 
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
 2012-04-23 20:35:55 +00:00
Dr. Stephen Henson
747c6ffda4 correct error code 2012-04-22 13:31:46 +00:00
Dr. Stephen Henson
556e27b14f Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 11:36:09 +00:00
Dr. Stephen Henson
8ec86dcf04 Merge minor FIPS branch changes: buffer, objects, pem, x509. 2008-09-15 19:56:12 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Richard Levitte
1ae0a83bdd Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code 
that uses them that I'll commit in a few days.
 2003-04-29 22:08:57 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
b693f941fd Consistency fix in BUF_MEM_grow: Initialise to zero when new memory 
had to be allocated, not just when reusing the existing buffer.
 2001-10-26 13:12:25 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names 
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
 2000-06-01 22:19:21 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>. 
Submitted by:
Reviewed by:
PR:
 1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
e03ddfae7e Accept NULL in *_free. 1999-01-07 19:15:59 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00