wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 40f26ac782 Fix ssl_get_prev_session overrun 
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.

This is probably made redundant by the previous commit - but you can never be
too careful.

With thanks to Qinghao Tang for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5e0a80c1c9)
2015-04-14 14:59:54 +01:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_both.c Fix RAND_(pseudo_)?_bytes returns 2015-03-25 12:45:17 +00:00
d1_clnt.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
d1_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_lib.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_pkt.c Harmonize return values in dtls1_buffer_record 2015-03-10 13:52:37 -07:00
d1_srtp.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_srvr.c Don't send a for ServerKeyExchange for kDHr and kDHd 2015-03-24 22:58:30 +01:00
dtls1.h Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:32:49 +00:00
heartbeat_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
kssl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
kssl_lcl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
Makefile RT3067: simplify patch 2014-09-24 15:52:41 +02:00
s2_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_lib.c Fix reachable assert in SSLv2 servers. 2015-03-19 12:59:31 +00:00
s2_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_pkt.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
s2_srvr.c Harden SSLv2-supporting servers against Bleichenbacher's attack. 2015-04-08 16:42:28 +02:00
s3_both.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s3_cbc.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
s3_clnt.c Fix RAND_(pseudo_)?_bytes returns 2015-03-25 12:45:17 +00:00
s3_enc.c Cleanse buffers 2015-03-11 10:49:22 +00:00
s3_lib.c Rerun util/openssl-format-source -v -c . 2015-01-22 09:38:49 +00:00
s3_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s3_pkt.c Use constants not numbers 2015-03-05 09:30:35 +00:00
s3_srvr.c Check for ClientHello message overruns 2015-04-14 14:50:20 +01:00
s23_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_lib.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_pkt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_srvr.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
srtp.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
ssl.h Remove export ciphers from the DEFAULT cipher list 2015-03-07 23:08:12 +01:00
ssl2.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl3.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl23.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_algs.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_asn1.c Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:32:49 +00:00
ssl_cert.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_ciph.c Remove export ciphers from the DEFAULT cipher list 2015-03-07 23:08:12 +01:00
ssl_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_err2.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_lib.c Fix no-ec warning 2015-02-27 08:57:44 +00:00
ssl_locl.h fix warning 2015-03-08 22:42:23 +00:00
ssl_rsa.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_sess.c Fix ssl_get_prev_session overrun 2015-04-14 14:59:54 +01:00
ssl_stat.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_task.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
ssl_txt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_utst.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssltest.c Fix error handling in ssltest 2015-02-06 10:10:49 +00:00
t1_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_enc.c Add sanity check to PRF 2015-03-17 13:49:32 +00:00
t1_lib.c Fix RAND_(pseudo_)?_bytes returns 2015-03-25 12:45:17 +00:00
t1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_reneg.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_srvr.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
tls1.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
tls_srp.c Fix RAND_(pseudo_)?_bytes returns 2015-03-25 12:45:17 +00:00