wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto/asn1
History
Dr. Stephen Henson cc598f321f Fix leak with ASN.1 combine. 
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-03 14:32:05 +00:00
..
a_bitstr.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_bool.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_bytes.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_d2i_fp.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_digest.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_dup.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_enum.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_gentm.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_i2d_fp.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_int.c Fix encoding bug in i2c_ASN1_INTEGER 2015-04-18 14:43:33 +01:00
a_mbstr.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_object.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_octet.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_print.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_set.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_sign.c Re-align some comments after running the reformat script. 2015-01-22 09:31:48 +00:00
a_strex.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_strnid.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_time.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_type.c Fix ASN1_TYPE_cmp 2015-03-19 12:58:35 +00:00
a_utctm.c Fix regression in ASN1_UTCTIME_cmp_time_t 2015-03-15 19:47:08 +00:00
a_utf8.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
a_verify.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ameth_lib.c Add funtions to set item_sign and item_verify 2015-06-03 15:18:14 +01:00
asn1.h Cleanse PKCS#8 private key components. 2015-03-08 16:29:28 +00:00
asn1_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
asn1_gen.c Limit depth of nested sequences when generating ASN.1 2015-04-16 16:06:11 +01:00
asn1_lib.c Cleanse PKCS#8 private key components. 2015-03-08 16:29:28 +00:00
asn1_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
asn1_mac.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
asn1_par.c Fix uninitialised p error. 2015-11-24 16:55:34 +00:00
asn1t.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
asn_mime.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00
asn_moid.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
asn_pack.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
bio_asn1.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
bio_ndef.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00
charmap.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
charmap.pl Add license info. 2014-07-04 18:43:06 +01:00
d2i_pr.c Fix more d2i cases to properly update the input pointer 2015-10-03 13:29:15 +02:00
d2i_pu.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
evp_asn1.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
f_enum.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
f_int.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
f_string.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
i2d_pr.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
i2d_pu.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
Makefile Fix the update target and remove duplicate file updates 2015-05-23 06:25:12 +02:00
n_pkey.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
nsseq.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
p5_pbe.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
p5_pbev2.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
p8_pkey.c Check PKCS#8 pkey field is valid before cleansing. 2015-02-03 14:02:12 +00:00
t_bitst.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t_crl.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t_pkey.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t_req.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t_spki.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t_x509.c Use inner algorithm when printing certificate. 2015-01-22 12:42:15 +00:00
t_x509a.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tasn_dec.c Fix leak with ASN.1 combine. 2015-12-03 14:32:05 +00:00
tasn_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tasn_fre.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tasn_new.c Don't set *pval to NULL in ASN1_item_ex_new. 2015-04-10 19:52:02 +01:00
tasn_prn.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00
tasn_typ.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tasn_utl.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_algor.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_attrib.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_bignum.c check bn_new return value 2015-08-31 16:04:39 -04:00
x_crl.c Rerun util/openssl-format-source -v -c . 2015-01-22 09:31:48 +00:00
x_exten.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_info.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_long.c Fix format script. 2015-03-02 13:43:17 +00:00
x_name.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_nx509.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_pkey.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_pubkey.c d2i: don't update input pointer on failure 2015-09-15 00:07:54 +02:00
x_req.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_sig.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_spki.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_val.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x_x509.c Fix more d2i cases to properly update the input pointer 2015-10-03 13:29:15 +02:00
x_x509a.c GH354: Memory leak fixes 2015-08-28 11:59:23 -04:00