openssl/crypto/pem
Dr. Stephen Henson 5f57abe2b1 Sanity check PVK file fields.
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is a rarely used format and private key files do not
normally come from untrusted sources; the security implications are not
significant.

Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.

Issue reported by Guido Vranken.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 01:20:04 +00:00
..
build.info unified build scheme: add build.info files 2016-02-01 12:46:58 +01:00
Makefile.in Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
message Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pem_all.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_err.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_info.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_lib.c GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
pem_oth.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_pk8.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_pkey.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_sign.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_x509.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pem_xaux.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
pkcs7.lis Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pvkfmt.c Sanity check PVK file fields. 2016-03-04 01:20:04 +00:00