openssl/ssl
Matt Caswell 1e16987fc1 Avoid an overflow in constructing the ServerKeyExchange message
We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 19:23:29 +01:00
record Whitespace cleanup in ssl folder 2016-06-29 09:56:39 -04:00
statem Avoid an overflow in constructing the ServerKeyExchange message 2016-07-01 19:23:29 +01:00
bio_ssl.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
build.info Update build.info files for auto-init/de-init 2016-02-09 15:11:38 +00:00
d1_lib.c Whitespace cleanup in ssl folder 2016-06-29 09:56:39 -04:00
d1_msg.c Whitespace cleanup in ssl folder 2016-06-29 09:56:39 -04:00
d1_srtp.c Add checks on sk_TYPE_push() returned result 2016-06-23 14:03:29 +01:00
methods.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
packet_locl.h Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
pqueue.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s3_cbc.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s3_enc.c Add some missing return value checks 2016-06-13 17:38:39 +01:00
s3_lib.c Add checks on sk_TYPE_push() returned result 2016-06-23 14:03:29 +01:00
s3_msg.c Always use session_ctx when removing a session 2016-06-08 15:22:41 +01:00
ssl_asn1.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ssl_cert.c Add checks on sk_TYPE_push() returned result 2016-06-23 14:03:29 +01:00
ssl_ciph.c Add checks on sk_TYPE_push() returned result 2016-06-23 14:03:29 +01:00
ssl_conf.c Spelling... and more spelling 2016-06-22 00:26:10 +02:00
ssl_err.c Spelling... and more spelling 2016-06-22 00:26:10 +02:00
ssl_init.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ssl_lib.c Spelling... and more spelling 2016-06-22 00:26:10 +02:00
ssl_locl.h Handle a memory allocation failure in ssl3_init_finished_mac() 2016-06-03 20:29:04 +01:00
ssl_mcnf.c Whitespace cleanup in ssl folder 2016-06-29 09:56:39 -04:00
ssl_rsa.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ssl_sess.c Initialize the session_id 2016-06-14 19:30:36 +02:00
ssl_stat.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ssl_txt.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
ssl_utst.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
t1_enc.c Spelling... and more spelling 2016-06-22 00:26:10 +02:00
t1_ext.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
t1_lib.c Spelling 2016-06-29 09:56:39 -04:00
t1_reneg.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
t1_trce.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
tls_srp.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00