openssl/ssl
Matt Caswell e408c09bbf Fix OCSP Status Request extension unbounded memory growth
A malicious client can send an excessively large OCSP Status Request
extension. If that client continually requests renegotiation,
sending a large OCSP Status Request extension each time, then there will
be unbounded memory growth on the server. This will eventually lead to a
Denial Of Service attack through memory exhaustion. Servers with a
default configuration are vulnerable even if they do not support OCSP.
Builds using the "no-ocsp" build time option are not affected.

I have also checked other extensions to see if they suffer from a similar
problem but I could not find any other issues.

CVE-2016-6304

Issue reported by Shi Lei.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Name           Last commit                                                Date
record         Don't allow too many consecutive warning alerts            2016-09-21 20:17:04 +01:00
statem         Fix error message typo, wrong function code                2016-09-22 09:24:49 +01:00
bio_ssl.c      Fix BIO_pop for SSL BIOs                                   2016-07-29 14:09:57 +01:00
build.info     First pass at writing a writeable packets API              2016-09-13 09:41:21 +01:00
d1_lib.c       Convert tls_construct_client_hello() to use PACKETW        2016-09-13 09:41:21 +01:00
d1_msg.c       Whitespace cleanup in ssl folder                           2016-06-29 09:56:39 -04:00
d1_srtp.c      Convert tls_construct_client_hello() to use PACKETW        2016-09-13 09:41:21 +01:00
methods.c      Indent ssl/                                                2016-08-18 14:02:29 +02:00
packet.c       Convert WPACKET_put_bytes to use convenience macros        2016-09-20 14:47:44 +01:00
packet_locl.h  Convert WPACKET_put_bytes to use convenience macros        2016-09-20 14:47:44 +01:00
pqueue.c       Copyright consolidation 01/10                              2016-05-17 14:19:19 -04:00
s3_cbc.c       Indent ssl/                                                2016-08-18 14:02:29 +02:00
s3_enc.c       Indent ssl/                                                2016-08-18 14:02:29 +02:00
s3_lib.c       Convert WPACKET_put_bytes to use convenience macros        2016-09-20 14:47:44 +01:00
s3_msg.c       Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_asn1.c     Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_cert.c     Style tweaks following review feedback                     2016-09-20 10:16:56 +01:00
ssl_ciph.c     Remove trailing zeros                                      2016-08-26 15:18:07 -04:00
ssl_conf.c     Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_err.c      Don't allow too many consecutive warning alerts            2016-09-21 20:17:04 +01:00
ssl_init.c     Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_lib.c      Revert "Constify code about X509_VERIFY_PARAM"             2016-09-21 10:37:03 -04:00
ssl_locl.h     Convert Certificate message construction to WPACKET        2016-09-20 10:16:56 +01:00
ssl_mcnf.c     Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_rsa.c      Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_sess.c     Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_stat.c     Add missing debug strings.                                 2016-09-07 16:08:38 -04:00
ssl_txt.c      Indent ssl/                                                2016-08-18 14:02:29 +02:00
ssl_utst.c     Copyright consolidation 01/10                              2016-05-17 14:19:19 -04:00
t1_enc.c       Indent ssl/                                                2016-08-18 14:02:29 +02:00
t1_ext.c       Convert WPACKET_put_bytes to use convenience macros        2016-09-20 14:47:44 +01:00
t1_lib.c       Fix OCSP Status Request extension unbounded memory growth  2016-09-22 09:27:45 +01:00
t1_reneg.c     Convert tls_construct_client_hello() to use PACKETW        2016-09-13 09:41:21 +01:00
t1_trce.c      Ensure trace recognises X25519                             2016-09-08 12:34:02 +01:00
tls_srp.c      Indent ssl/                                                2016-08-18 14:02:29 +02:00