wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Emilia Kasper c225c3cf9b PKCS#7: avoid NULL pointer dereferences with missing content 
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 13:01:13 +00:00
..
aes Fix undefined behaviour in shifts. 2015-03-13 21:10:13 -07:00
asn1 Fix ASN1_TYPE_cmp 2015-03-19 13:01:13 +00:00
bf clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
bio Remove dead code from crypto 2015-03-17 14:48:44 +00:00
bn Fix probable_prime over large shift 2015-03-17 13:41:49 +00:00
buffer size_t for buffer functions. 2015-02-13 13:50:36 +00:00
camellia Fix crash in SPARC T4 XTS. 2015-02-24 10:11:36 +01:00
cast Dead code cleanup: #if 0 dropped from tests 2015-02-02 11:11:34 -05:00
cmac Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cms Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
comp Dead code removal: #if 0 bio, comp, rand 2015-01-29 21:38:57 -05:00
conf RT3670: Check return from BUF_MEM_grow_clean 2015-02-12 13:00:42 -05:00
des des/asm/des_enc.m4: fix brown-bag typo in last commit. 2015-02-09 08:58:43 +01:00
dh Fix dh_pub_encode 2015-03-12 09:22:56 +00:00
dsa Fix dsa_pub_encode 2015-03-12 09:23:42 +00:00
dso Remove dead code from crypto 2015-03-17 14:48:44 +00:00
ec Avoid reading an unused byte after the buffer 2015-03-14 18:23:41 +01:00
ecdh Update ordinals, fix error message. 2015-03-15 15:56:24 +00:00
ecdsa Update ordinals, fix error message. 2015-03-15 15:56:24 +00:00
engine Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC 2015-03-11 09:29:37 -04:00
err Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC 2015-03-11 09:29:37 -04:00
evp Fix EVP_DigestInit_ex with NULL digest 2015-03-12 09:19:24 +00:00
hmac HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source. 2015-02-10 14:32:56 +00:00
idea clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
include/internal Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
jpake Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
krb5 Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
lhash Add missing declaration for lh_node_usage_stats 2015-01-28 12:27:23 -05:00
md2 Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
md4 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
md5 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
mdc2 ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
modes Fix unintended sign extension 2015-03-17 13:39:53 +00:00
objects Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
ocsp Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
pem ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
perlasm Fix crash in SPARC T4 XTS. 2015-02-24 10:11:36 +01:00
pkcs7 PKCS#7: avoid NULL pointer dereferences with missing content 2015-03-19 13:01:13 +00:00
pkcs12 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
pqueue Dead code removal: #if 0 conf, dso, pqueue, threads 2015-01-30 12:46:49 -05:00
rand Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
rc2 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
rc4 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
rc5 ifdef cleanup, part 4a: '#ifdef undef' 2015-01-24 10:58:38 -05:00
ripemd Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp 2015-02-03 11:20:56 -05:00
rsa Reject invalid PSS parameters. 2015-03-19 13:01:13 +00:00
seed Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sha ARMv4 assembly pack: add Cortex-A15 performance data. 2015-03-08 14:09:32 +01:00
srp Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp 2015-02-03 11:20:56 -05:00
stack Fix memset call in stack.c 2015-03-17 13:39:53 +00:00
store util/mkstack.pl now generates entire safestack.h 2015-02-06 10:47:53 -05:00
threads Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
ts Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
txt_db OPENSSL_NO_xxx cleanup: many removals 2015-01-27 10:06:22 -05:00
ui Assume TERMIOS is default, remove TERMIO on all Linux. 2015-02-21 23:51:05 +01:00
whrlpool Re-align some comments after running the reformat script. 2015-01-22 09:20:10 +00:00
x509 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
x509v3 Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
alphacpuid.pl alphacpuid.pl: fix alignment bug. 2011-08-12 12:28:52 +00:00
arm64cpuid.pl Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
armcap.c Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
armv4cpuid.S Remove inconsistency in ARM support. 2015-01-04 23:45:08 +01:00
c64xpluscpuid.pl C64x+ assembly pack: make it work with older toolchain. 2014-05-04 16:38:32 +02:00
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
constant_time_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cryptlib.c OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS 2015-01-27 16:43:53 -05:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
crypto-lib.com Catch up the VMS build. 2015-03-05 18:20:06 +01:00
crypto.h "#if 0" removal: header files 2015-01-27 17:44:12 -05:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ebcdic.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ebcdic.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ex_data.c Fix memory leak reporting. 2015-02-09 12:53:36 +00:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ia64cpuid.S IA-64 assembler pack: fix typos and make it work on HP-UX. 2011-05-07 20:36:05 +00:00
install-crypto.com ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
lock.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_unix.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_vms.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_win.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
Makefile Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
md32_common.h Keep disclaiming 16-bit support. 2015-01-23 19:09:01 +01:00
mem.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
mem_clr.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
mem_dbg.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_init.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
o_str.c ifdef cleanup part 3: OPENSSL_SYSNAME 2015-01-23 11:58:26 -05:00
o_str.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_time.c Re-align some comments after running the reformat script. 2015-01-22 09:20:10 +00:00
opensslconf.h.in RT3548: Remove unsupported platforms 2014-12-28 01:17:52 -05:00
opensslv.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ossl_typ.h Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-18 10:37:00 +02:00
ppc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccpuid.pl aesp8-ppc.pl: fix typos. 2014-06-04 08:34:18 +02:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
s390xcpuid.S Multiple assembler packs: add experimental memory bus instrumentation. 2011-04-17 12:46:00 +00:00
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sparccpuid.S sparccpuid.S: work around emulator bug on T1. 2013-02-11 10:39:50 +01:00
sparcv9cap.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
symhacks.h Remove ui_compat 2015-02-06 14:52:40 -05:00
thr_id.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
x86cpuid.pl Undo a90081576c 2014-08-09 08:02:20 -04:00