* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS.
* crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of
function names: sock_write, sock_read and sock_puts.
* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write,
sock_read and sock_puts are redefined to their private names so
their names must be undefined first before they can be redefined
again.
* crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the
passed file name and replace the leading dots in the dirname part
and the basname part of the file name, unless LFN is supported.
* e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor
FreeDOS provide 'egd' sockets.
New macro HAS_LFN_SUPPORT checks if underlying file system supports
long file names or not.
Include sys/un.h.
Define WATT32_NO_OLDIES.
* INSTALL.DJGPP: Update URL of WATT-32 library.
Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de>
RT#4217
Reviewed-by: Andy Polyakov <appro@openssl.org>
BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.
RT#1215
Reviewed-by: Richard Levitte <levitte@openssl.org>
- Missing checks for allocation failure.
- releasing memory in few missing error paths
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
The old BIO_accept() function can encounter errors during malloc. We need
to ensure we properly clean up if that occurs.
GH Issue #817
Reviewed-by: Richard Levitte <levitte@openssl.org>
The code that implements this control would work when enabling nbio,
but the disabling code needed fixing.
Reviewed-by: Matt Caswell <matt@openssl.org>
During construction of a mem BIO we allocate some resources. If this
allocation fails we can end up leaking everything we have allocated so
far.
Reviewed-by: Richard Levitte <levitte@openssl.org>
When setting an accepted socket for non-blocking, if the operation fails
make sure we close the accepted socket.
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_sock_error() returned 1 when getsockopt() fails when it should
return the error code for that failure.
Additionally, the optlen parameter to getsockopt() has to point at
the size of the area that the optval parameter points at rather than
zero. Some systems may forgive it being zero, but others don't.
Reviewed-by: Matt Caswell <matt@openssl.org>
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff2344052. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
There was a lot of naming inconsistency, so we try and standardise on
one form.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
When a file is opened with BIO_new_file(), make sure that the internal
mode TEXT vs BINARY setting reflects what's given in the mode string.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
It was harmless in this case, but best avoid the annoying warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.
However, there is some functionality that only works with 32-bit
pointers. In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.
Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64. The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Also, have it always be built, even though it's only (currently) used
on VMS. That will assure it will get the same changes as all others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.
Reviewed-by: Richard Levitte <levitte@openssl.org>
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.
Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301f). Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.
It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.
These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.
Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.
CVE-2016-0799
Issue reported by Guido Vranken.
Reviewed-by: Andy Polyakov <appro@openssl.org>
