openssl/crypto
Gunnar Kudrjavets 56d88027f0 Fix the heap corruption in libeay32!OBJ_add_object.
The original 'sizeof(ADDED_OBJ)' was replaced with 'sizeof(*ao)'. However,
they return different sizes. Therefore, as a result, the heap gets corrupted
and at some point later the debug version of malloc() detects the corruption.

On x86 we can observe that as follows:

sizeof(*ao) == 4
sizeof(*ao[0]) == sizeof(ADDED_OBJ) == 8

The issue reproduces when enabling either the CRT debug heap or Application
Verifier's full-page heap.

Basic debugging data from the moment the corruption is first detected:

0:000:x86> |
.  0    id: 283c        create  name: openssl.exe
0:000:x86> kcn
 #
00 MSVCR120D!_heap_alloc_dbg_impl
01 MSVCR120D!_nh_malloc_dbg_impl
02 MSVCR120D!_nh_malloc_dbg
03 MSVCR120D!malloc
04 LIBEAY32!default_malloc_ex
05 LIBEAY32!CRYPTO_malloc
06 LIBEAY32!lh_insert
07 LIBEAY32!OBJ_add_object
08 LIBEAY32!OBJ_create
09 openssl!add_oid_section
0a openssl!req_main
0b openssl!do_cmd
0c openssl!main
0d openssl!__tmainCRTStartup
0e openssl!mainCRTStartup
0f KERNEL32!BaseThreadInitThunk
10 ntdll_77d60000!__RtlUserThreadStart
11 ntdll_77d60000!_RtlUserThreadStart

Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-13 09:23:23 +01:00
aes aes/asm/aesni-x86.pl: fix typo affecting Windows build. 2015-04-20 18:39:56 +02:00
asn1 Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
bf Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
bio Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
bn memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
buffer Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
camellia Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
cast Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
cmac Use "==0" instead of "!strcmp" etc 2015-05-06 22:37:53 -04:00
cms Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
comp Make COMP_CTX and COMP_METHOD opaque 2015-05-12 10:24:48 -04:00
conf Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
des Sanity check DES_enc_write buffer length 2015-04-30 23:12:39 +01:00
dh Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
dsa Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
dso memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
ec Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
ecdh Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
ecdsa Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
engine Use "==0" instead of "!strcmp" etc 2015-05-06 22:37:53 -04:00
err Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
evp Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
hmac Use "==0" instead of "!strcmp" etc 2015-05-06 22:37:53 -04:00
idea Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
include/internal Error checking and memory leak fixes in NISTZ256. 2015-04-27 16:21:48 +02:00
jpake memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
krb5 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
lhash Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
md2 memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
md4 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
md5 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
mdc2 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
modes memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
objects Fix the heap corruption in libeay32!OBJ_add_object. 2015-05-13 09:23:23 +01:00
ocsp Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
pem Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
perlasm Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
pkcs7 Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
pkcs12 Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
pqueue memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
rand Add OSSL_NELEM macro. 2015-05-03 12:53:08 +01:00
rc2 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
rc4 Remove outdated RC4 files 2015-05-02 07:23:58 -04:00
rc5 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
ripemd Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
rsa Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
seed Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
sha memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
srp Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
stack memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
store memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
threads free null cleanup finale 2015-05-01 10:02:07 -04:00
ts Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
txt_db Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
ui memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
whrlpool Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 2015-03-31 20:16:01 +02:00
x509 Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
x509v3 Use p==NULL not !p (in if statements, mainly) 2015-05-11 10:06:38 -04:00
alphacpuid.pl
arm64cpuid.pl Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
armcap.c Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
armv4cpuid.pl Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
c64xpluscpuid.pl
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cryptlib.c more OSSL_NELEM cases 2015-05-04 13:03:49 +01:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
crypto-lib.com Remove the fake RLE compression method. 2015-05-04 15:14:26 -04:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ebcdic.c Appease clang -Wempty-translation-unit 2015-04-04 17:05:49 +02:00
ex_data.c Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ia64cpuid.S
install-crypto.com ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
lock.c Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_unix.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_vms.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
Makefile Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
md32_common.h Keep disclaiming 16-bit support. 2015-01-23 19:09:01 +01:00
mem.c free null cleanup finale 2015-05-01 10:02:07 -04:00
mem_clr.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
mem_dbg.c Use safer sizeof variant in malloc 2015-05-04 15:00:13 -04:00
o_dir.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_init.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
o_str.c ifdef cleanup part 3: OPENSSL_SYSNAME 2015-01-23 11:58:26 -05:00
o_str.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_time.c Re-align some comments after running the reformat script. 2015-01-22 09:20:10 +00:00
opensslconf.h.in
pariscid.pl
ppc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccpuid.pl
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
s390xcpuid.S
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sparccpuid.S
sparcv9cap.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
thr_id.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
x86_64cpuid.pl
x86cpuid.pl