wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Matt Caswell 8a585601fe Fix out-of-memory condition in conf 
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
..
aes aes/aes_x86core.c: clarify reference implementation status. 2017-03-02 16:26:01 +01:00
aria Implementation of the ARIA cipher as described in RFC 5794. 2017-02-21 11:51:45 +01:00
asn1 Exit the loop on failure 2017-03-09 09:26:13 -05:00
async Further improvements to ASYNC_WAIT_CTX_clear_fd 2017-02-13 15:29:43 +00:00
bf Remove a pointless "#ifndef" from bf_enc.c 2017-02-28 15:17:46 +00:00
bio bio/b_addr.c: omit private hstrerror. 2017-03-02 16:28:54 +01:00
blake2 Fix some extra or missing whitespaces... 2017-01-25 09:06:34 +00:00
bn Ensure we don't call memcpy with a NULL pointer 2017-03-03 23:49:24 +00:00
buffer Check for errors allocating the error strings. 2016-07-20 19:20:53 +02:00
camellia camellia/asm/cmll-x86_64.pl: add CFI annotations. 2017-02-26 21:26:09 +01:00
cast Code health: With the VAX C-ism gone, OPENSSL_GLOBAL can be removed too 2017-02-28 20:23:07 +01:00
chacha chacha/asm/chacha-x86_64.pl: add CFI annotations. 2017-02-26 21:26:06 +01:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Set EVP_PKEY_CTX in SignerInfo 2017-01-08 01:42:49 +00:00
comp Fix zlib BIO_METHOD for latest BIO_METHOD structure changes 2016-11-08 13:58:10 +00:00
conf Fix out-of-memory condition in conf 2017-03-12 00:19:14 +00:00
ct Fix faulty free 2017-01-29 15:31:01 +01:00
des des/des_locl.h: clean up unused/irrelevant macros. 2017-03-02 16:16:52 +01:00
dh Better check of DH parameters in TLS data 2017-01-26 10:54:01 +00:00
dsa Style 2017-01-25 09:06:34 +00:00
dso Remove some commented out code in libcrypto 2017-02-28 16:02:11 +00:00
ec Increase the size of the stack buffer to prevent an overflow. 2017-02-24 00:00:32 +01:00
engine Only enable CRYPTO_3DES_ECB if that name is an existing macro 2017-01-10 14:59:39 +01:00
err Clean up references to FIPS 2017-02-28 15:26:25 +01:00
evp evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code. 2017-03-02 16:25:36 +01:00
hmac Remove support for HMAC_TEST_PRIVATE_KEY_FORMAT 2017-02-28 19:46:01 +01:00
idea Remove/rename some old files. 2016-06-01 11:29:57 -04:00
include/internal Remove dead code in bn 2017-02-28 14:46:24 +00:00
kdf Following the changes to HKDF to accept a mode, add some tests for this 2016-11-09 10:36:54 +00:00
lhash Remove some commented out code in libcrypto 2017-02-28 16:02:11 +00:00
md2 Convert memset calls to OPENSSL_cleanse 2016-06-30 15:51:57 +01:00
md4 Remove/rename some old files. 2016-06-01 11:29:57 -04:00
md5 {md5,rc4}/asm/*-x86_64.pl: add CFI annotations. 2017-02-13 14:16:01 +01:00
mdc2 Convert mdc2 test print to internal test 2016-11-03 13:13:31 +01:00
modes Don't call memcpy if len is zero. 2017-02-20 19:17:53 -05:00
objects Remove some commented out code in libcrypto 2017-02-28 16:02:11 +00:00
ocsp Add OCSP_RESPID_match() 2016-09-22 09:27:45 +01:00
pem Fix MSBLOB format with RSA. 2016-11-17 03:53:02 +00:00
perlasm Fix a few typos 2017-02-14 15:48:51 -05:00
pkcs7 Remove dead code in crypto/pkcs7 2017-02-28 12:58:26 +01:00
pkcs12 Fix memory leak in pkcs12 -export 2017-02-21 14:47:18 -05:00
poly1305 poly1305/asm/poly1305-x86_64.pl: minor AVX512 optimization. 2017-02-26 21:27:54 +01:00
rand Clean up references to FIPS 2017-02-28 15:26:25 +01:00
rc2 Clean away remaining 'selftest' code 2016-11-03 13:15:40 +01:00
rc4 {md5,rc4}/asm/*-x86_64.pl: add CFI annotations. 2017-02-13 14:16:01 +01:00
rc5 Remove/rename some old files. 2016-06-01 11:29:57 -04:00
ripemd Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
rsa Fix an endless loop in rsa_builtin_keygen. 2017-03-06 09:54:17 -05:00
seed Use _WIN32 over WIN32 for preprocessor conditional 2017-02-16 08:59:47 -05:00
sha Clean up references to FIPS 2017-02-28 15:26:25 +01:00
siphash Add support for parameterized SipHash 2017-02-01 14:14:36 -05:00
srp Prevent OOB in SRP base64 code. 2017-02-21 13:07:13 -05:00
stack Don't leak on an OPENSSL_realloc() failure 2016-09-21 20:27:15 +01:00
ts Add error checking, small nit on ouput 2016-10-19 06:37:42 -04:00
txt_db Fix a few memleaks in TXT_DB. 2017-02-21 14:13:58 -05:00
ui Fix UI_get0_action_string() 2017-03-11 01:25:06 +01:00
whrlpool whrlpool/asm/wp-x86_64.pl: add CFI annotations. 2017-02-26 21:26:24 +01:00
x509 X509 time: tighten validation per RFC 5280 2017-02-24 17:37:08 +01:00
x509v3 Remove some commented out code in libcrypto 2017-02-28 16:02:11 +00:00
alphacpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm64cpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
arm_arch.h Copyright consolidation 07/10 2016-05-17 14:51:26 -04:00
armcap.c crypto/armcap.c: short-circuit processor capability probe in iOS builds. 2017-02-15 23:16:23 +01:00
armv4cpuid.pl ARMv4 assembly pack: harmonize Thumb-ification of iOS build. 2017-02-15 23:16:01 +01:00
build.info Move OS-specific fopen quirks to o_fopen.c. 2016-06-22 21:51:53 +02:00
c64xpluscpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
cpt_err.c Check for errors allocating the error strings. 2016-07-20 19:20:53 +02:00
cryptlib.c Remove some obsolete/obscure internal define switches: 2017-03-01 10:44:49 +01:00
cversion.c Copyright consolidation 08/10 2016-05-17 14:51:34 -04:00
dllmain.c Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
ebcdic.c Copyright consolidation 05/10 2016-05-17 15:38:09 -04:00
ex_data.c Combined patch against master branch for the following issues: 2017-02-03 20:39:52 +01:00
ia64cpuid.S Add final(?) set of copyrights. 2016-06-01 11:27:25 -04:00
init.c Add "random malloc failure" tooling 2017-01-12 11:27:27 -05:00
LPdir_nyi.c Remove the silly CVS markers from LPdir_*.c 2016-07-16 07:58:23 +02:00
LPdir_unix.c Remove the silly CVS markers from LPdir_*.c 2016-07-16 07:58:23 +02:00
LPdir_vms.c Copyright consolidation 05/10 2016-05-17 15:38:09 -04:00
LPdir_win.c Fix mingw build 2016-07-18 10:47:07 +01:00
LPdir_win32.c Remove the silly CVS markers from LPdir_*.c 2016-07-16 07:58:23 +02:00
LPdir_wince.c Remove the silly CVS markers from LPdir_*.c 2016-07-16 07:58:23 +02:00
mem.c Removed ugly size_t less than zero check. 2017-02-21 12:30:23 -05:00
mem_clr.c Fix some style issues... 2016-08-02 09:59:23 +02:00
mem_dbg.c fix crypto-mdebug build 2016-07-20 12:41:31 +01:00
mem_sec.c sh_malloc & sh_free prototype change to match POSIX 2017-03-02 19:16:57 -05:00
mips_arch.h Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
o_dir.c Fix typo, missing || 2017-02-22 19:51:04 +01:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
o_init.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_str.c Add -Wundef to --strict-warnings options. 2017-02-24 09:21:59 +01:00
o_time.c Reset executable bits on files where not needed. 2017-03-03 09:13:40 +01:00
pariscid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
ppc_arch.h GH919: Fix wrappers for two headers 2016-05-24 11:04:38 -04:00
ppccap.c Revert "Move algorithm specific ppccap code from crypto/ppccap.c" 2016-11-10 16:24:02 +01:00
ppccpuid.pl Add assembly CRYPTO_memcmp. 2016-05-19 22:33:00 +02:00
s390xcap.c Fix strict-warnings build 2016-10-18 17:09:47 +01:00
s390xcpuid.S s390x assembly pack: improve portability. 2016-06-06 11:08:04 +02:00
sparc_arch.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c crypto/sparcv9cap.c: add missing declaration. 2016-08-12 10:26:20 +02:00
threads_none.c Copyright consolidation 04/10 2016-05-17 14:24:46 -04:00
threads_pthread.c Grouped data declarations [skip ci] 2017-02-03 13:48:44 +01:00
threads_win.c Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows" 2016-11-14 11:55:13 +00:00
uid.c Fix support for DragonFly BSD 2016-10-22 04:25:17 -04:00
vms_rms.h Copyright consolidation 09/10 2016-05-17 14:53:16 -04:00
x86_64cpuid.pl crypto/x86_64cpuid.pl: move extended feature detection upwards. 2017-03-07 11:17:32 +01:00
x86cpuid.pl Remove OPENSSL_indirect_call() 2017-02-28 20:14:31 -05:00