wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Matt Caswell 99ba9fd02f Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption 
In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.

This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.

All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.

Issue reported by Guido Vranken.

CVE-2016-0797

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-29 16:32:18 +00:00
..
aes Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
asn1 GH753: More spelling fix 2016-02-27 10:58:16 -05:00
async Clarify ASYNC_WAIT_CTX_clear_fd() docs 2016-02-29 12:58:44 +00:00
bf Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
bio Fix memory issues in BIO_*printf functions 2016-02-25 22:45:58 +00:00
bn Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption 2016-02-29 16:32:18 +00:00
buffer Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
camellia Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
cast Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
chacha chacha/asm/chacha-*.pl: fix typos in tail processing. 2016-02-27 21:09:02 +01:00
cmac Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
cms Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
comp Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
conf Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
ct Fix for potential deferencing of null pointer in o2i_SCT_signature 2016-02-26 14:57:29 -05:00
des Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
dh GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
dsa GH715: Missed some null-check-removals. follow commits 412bafdcf5, and 7c96dbcdab 2016-02-28 17:40:08 -05:00
dso Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ec remove unused variables 2016-02-29 15:13:31 +00:00
engine GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
err Public API for Certificate Transparency 2016-02-26 14:57:29 -05:00
evp GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
hmac Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
idea Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
include/internal Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption 2016-02-29 16:32:18 +00:00
kdf Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
lhash Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md4 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md5 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
mdc2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
modes modes/asm/ghash-x86_64.pl: refine GNU assembler version detection. 2016-02-27 21:14:18 +01:00
objects Rename OIDs. 2016-02-28 22:54:53 +00:00
ocsp Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
pem GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
perlasm Fix some issues near recent chomp changes. 2016-02-13 02:54:48 -05:00
pkcs7 Add PKCS7_NO_DUAL_CONTENT flag 2016-02-23 08:42:03 -05:00
pkcs12 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
poly1305 poly1305/asm/poly1305-armv4.pl: replace ambiguous instruction. 2016-02-23 21:14:25 +01:00
rand GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
rc2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rc4 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rc5 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ripemd Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rsa GH715: Missed some null-check-removals. 2016-02-28 09:41:23 -05:00
seed Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
sha Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
srp CVE-2016-0798: avoid memory leak in SRP 2016-02-25 15:42:48 +01:00
stack Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ts Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
txt_db Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ui Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
whrlpool Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
x509 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
x509v3 Add more CT utility routines to be used as part of larger patch. 2016-02-25 13:59:11 -05:00
alphacpuid.pl
arm64cpuid.pl Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
armcap.c Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
armv4cpuid.pl ARMv4 assembly pack: implement support for Thumb2. 2015-09-25 13:34:02 +02:00
build.info Implement new multi-threading API 2016-02-26 10:00:36 +00:00
c64xpluscpuid.pl C64x+ assembly pack: make it work with older toolchain. 2014-05-04 16:38:32 +02:00
cpt_err.c After renaming init, update errors. 2016-02-10 15:52:32 -05:00
cryptlib.c Declare DllMain internally 2016-02-14 14:13:53 +01:00
cversion.c Make it possible to get ENGINESDIR info from OpenSSL_versions 2016-02-10 19:36:48 +01:00
ebcdic.c Use NON_EMPTY_TRANSLATION_UNIT, consistently. 2016-02-09 20:13:29 -05:00
ex_data.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
fips_err.h Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
fips_ers.c Use NON_EMPTY_TRANSLATION_UNIT, consistently. 2016-02-09 20:13:29 -05:00
ia64cpuid.S
init.c Fix windows thread stop code 2016-02-18 15:27:16 +00:00
lock.c GH678: Add a few more zalloc 2016-02-22 12:13:37 -05:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_unix.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_vms.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
Makefile.in Implement new multi-threading API 2016-02-26 10:00:36 +00:00
mem.c Build fix: remove cleanse_ctr 2016-02-25 10:19:50 -05:00
mem_clr.c RT4116: Change cleanse to just memset 2016-02-25 10:04:00 -05:00
mem_dbg.c Implement the use of heap manipulator implementions 2016-02-17 10:12:49 +01:00
mem_sec.c Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
o_dir.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
o_fips.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
o_init.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
o_str.c Fix master compile error 2016-02-26 16:50:59 +00:00
o_time.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-18 10:37:00 +02:00
ppc_arch.h crypto/ppccap.c: add SIGILL-free processor capability detection code. 2015-12-14 16:08:49 +01:00
ppccap.c Configurations: engage PPC ChaCha20 and Poly1305 modules. 2016-02-13 17:22:20 +01:00
ppccpuid.pl crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc. 2015-12-14 16:09:25 +01:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
s390xcpuid.S
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sparccpuid.S Conversion to UTF-8 where needed 2015-07-14 01:10:01 +02:00
sparcv9cap.c crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. 2015-12-02 10:53:33 +01:00
thr_id.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
threads_none.c Implement new multi-threading API 2016-02-26 10:00:36 +00:00
threads_pthread.c Implement new multi-threading API 2016-02-26 10:00:36 +00:00
threads_win.c Implement new multi-threading API 2016-02-26 10:00:36 +00:00
uid.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
x86cpuid.pl Undo a90081576c 2014-08-09 08:02:20 -04:00