openssl/crypto
Emilia Kasper e2acb69c76 PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 12:59:31 +00:00
aes Fix undefined behaviour in shifts. 2015-03-13 21:14:56 -07:00
asn1 Fix ASN1_TYPE_cmp 2015-03-19 12:59:31 +00:00
bf Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
bio Remove dead code from crypto 2015-03-17 14:52:46 +00:00
bn Fix error handling in bn_exp 2015-03-12 09:32:22 +00:00
buffer Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
camellia Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cast Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
cmac Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cms Unchecked malloc fixes 2015-03-05 09:22:50 +00:00
comp Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
conf RT3670: Check return from BUF_MEM_grow_clean 2015-02-12 13:01:42 -05:00
des Fixed bad formatting in crypto/des/spr.h 2015-02-05 09:45:48 -05:00
dh Fix dh_pub_encode 2015-03-12 09:33:46 +00:00
dsa Fix dsa_pub_encode 2015-03-12 09:33:48 +00:00
dso Remove dead code from crypto 2015-03-17 14:52:46 +00:00
ec Avoid reading an unused byte after the buffer 2015-03-14 18:31:54 +01:00
ecdh Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ecdsa Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
engine Replace exit() with error return. 2015-01-27 16:36:25 -05:00
err Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
evp Fix EVP_DigestInit_ex with NULL digest 2015-03-12 09:32:22 +00:00
hmac Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
idea Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
jpake Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
krb5 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
lhash Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
md2 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
md4 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
md5 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
mdc2 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
modes Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
objects Unchecked malloc fixes 2015-03-05 09:22:50 +00:00
ocsp Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
pem Fix formatting error in pem.h 2015-01-22 14:22:19 +00:00
perlasm Reduce version skew. 2012-06-08 09:18:47 +00:00
pkcs7 PKCS#7: avoid NULL pointer dereferences with missing content 2015-03-19 12:59:31 +00:00
pkcs12 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
pqueue Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
rand Unchecked malloc fixes 2015-03-05 09:22:50 +00:00
rc2 Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
rc4 Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
rc5 Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ripemd Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
rsa Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
seed Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
sha Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
srp Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
stack Fix memset call in stack.c 2015-03-17 13:49:31 +00:00
store Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
threads Unchecked malloc fixes 2015-03-05 09:22:50 +00:00
ts Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
txt_db Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ui Assume TERMIOS is default, remove TERMIO on all Linux. 2015-02-22 09:15:11 +01:00
whrlpool Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
x509 Check public key is not NULL. 2015-03-02 15:26:47 +00:00
x509v3 Fix missing return checks in v3_cpols.c 2015-03-12 09:33:48 +00:00
.cvsignore Apply mingw patches as supplied by Roumen Petrov and Alon Bar-Lev 2008-04-17 10:19:16 +00:00
alphacpuid.pl Alpha assembler fixed from HEAD. 2011-08-12 12:31:08 +00:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
armcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
armv4cpuid.S ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
constant_time_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cryptlib.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
crypto-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
crypto.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ebcdic.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ebcdic.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ex_data.c Fix memory leak reporting. 2015-02-09 13:01:28 +00:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ia64cpuid.S IA64 assembler pack update from HEAD. 2011-11-14 20:45:57 +00:00
install-crypto.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-10-15 10:49:08 +02:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_unix.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_vms.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_win.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
Makefile Make output from openssl version -f consistent with previous versions 2015-01-13 11:29:11 +00:00
md32_common.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
mem.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
mem_clr.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
mem_dbg.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_dir.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_dir.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_dir_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_init.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_str.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_str.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_time.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
o_time.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
opensslconf.h.in
opensslv.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ossl_typ.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-30 23:15:53 +02:00
ppccap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ppccpuid.pl ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 2012-04-27 20:20:15 +00:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s390xcpuid.S s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
sparccpuid.S sparccpuid.S: work around emulator bug on T1. 2013-02-11 10:41:57 +01:00
sparcv9cap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
symhacks.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
x86_64cpuid.pl x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
x86cpuid.pl x86cpuid.pl: make it work with older CPUs. 2013-03-18 19:50:23 +01:00