openssl

History

Hanno Böck 2b8dc08b74 Call of memcmp with null pointers in obj_cmp()

The function obj_cmp() (file crypto/objects/obj_dat.c) can in some
situations call memcmp() with a null pointer and a zero length.

This is invalid behaviour. When compiling openssl with undefined
behaviour sanitizer (add -fsanitize=undefined to compile flags) this
can be seen. One example that triggers this behaviour is the pkcs7
command (but there are others, e.g. I've seen it with the timestamp
function):
apps/openssl pkcs7 -in test/testp7.pem

What happens is that obj_cmp takes objects of the type ASN1_OBJECT and
passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT
structures can have a null pointer as data.

RT#3816

Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

2015-05-13 15:23:57 +01:00

aes

aes/asm/aesni-x86.pl: fix typo affecting Windows build.

2015-04-20 18:39:56 +02:00

asn1

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

bio

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

buffer

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

camellia

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

cast

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

cmac

Use "==0" instead of "!strcmp" etc

2015-05-06 22:37:53 -04:00

cms

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

comp

Make COMP_CTX and COMP_METHOD opaque

2015-05-12 10:24:48 -04:00

conf

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

des

Sanity check DES_enc_write buffer length

2015-04-30 23:12:39 +01:00

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

dsa

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

dso

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

ecdh

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

ecdsa

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

engine

Use "==0" instead of "!strcmp" etc

2015-05-06 22:37:53 -04:00

err

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

evp

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

hmac

Use "==0" instead of "!strcmp" etc

2015-05-06 22:37:53 -04:00

idea

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

include/internal

Error checking and memory leak fixes in NISTZ256.

2015-04-27 16:21:48 +02:00

jpake

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

lhash

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

md2

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

md4

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

md5

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

mdc2

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

modes

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

objects

Call of memcmp with null pointers in obj_cmp()

2015-05-13 15:23:57 +01:00

ocsp

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

pem

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

perlasm

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

pkcs7

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

pkcs12

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

pqueue

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

rand

Add OSSL_NELEM macro.

2015-05-03 12:53:08 +01:00

rc2

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

rc4

Remove outdated RC4 files

2015-05-02 07:23:58 -04:00

rc5

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

ripemd

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

rsa

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

seed

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

sha

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

srp

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

stack

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

store

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

threads

free null cleanup finale

2015-05-01 10:02:07 -04:00

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

txt_db

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

whrlpool

Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant

2015-03-31 20:16:01 +02:00

x509

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

x509v3

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

alphacpuid.pl

alphacpuid.pl: fix alignment bug.

2011-08-12 12:28:52 +00:00

arm64cpuid.pl

Add assembly support to ios64-cross.

2015-01-23 15:38:41 +01:00

arm_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

armcap.c

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

armv4cpuid.pl

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

c64xpluscpuid.pl

C64x+ assembly pack: make it work with older toolchain.

2014-05-04 16:38:32 +02:00

constant_time_locl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

cpt_err.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

cryptlib.c

more OSSL_NELEM cases

2015-05-04 13:03:49 +01:00

cryptlib.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

crypto-lib.com

Remove remaining Kerberos references

2015-05-13 15:08:10 +01:00

cversion.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ebcdic.c

Appease clang -Wempty-translation-unit

2015-04-04 17:05:49 +02:00

ex_data.c

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

fips_err.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

fips_ers.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ia64cpuid.S

IA-64 assembler pack: fix typos and make it work on HP-UX.

2011-05-07 20:36:05 +00:00

install-crypto.com

Remove remaining Kerberos references

2015-05-13 15:08:10 +01:00

lock.c

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

LPdir_nyi.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

LPdir_unix.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_vms.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_win32.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

LPdir_win.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_wince.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

Makefile

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

md32_common.h

Keep disclaiming 16-bit support.

2015-01-23 19:09:01 +01:00

mem_clr.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

mem_dbg.c

Use safer sizeof variant in malloc

2015-05-04 15:00:13 -04:00

mem.c

free null cleanup finale

2015-05-01 10:02:07 -04:00

o_dir_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

o_dir.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

o_dir.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

o_fips.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

o_init.c

Dead code cleanup: crypto/*.c, x509v3, demos

2015-02-02 11:08:16 -05:00

o_str.c

ifdef cleanup part 3: OPENSSL_SYSNAME

2015-01-23 11:58:26 -05:00

o_str.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

o_time.c

Re-align some comments after running the reformat script.

2015-01-22 09:20:10 +00:00

opensslconf.h.in

RT3548: Remove unsupported platforms

2014-12-28 01:17:52 -05:00

pariscid.pl

PA-RISC assembler pack: switch to bve in 64-bit builds.

2013-06-18 10:37:00 +02:00

ppc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ppccap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ppccpuid.pl

aesp8-ppc.pl: fix typos.

2014-06-04 08:34:18 +02:00

s390xcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

s390xcpuid.S

Multiple assembler packs: add experimental memory bus instrumentation.

2011-04-17 12:46:00 +00:00

sparc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

sparccpuid.S

sparccpuid.S: work around emulator bug on T1.

2013-02-11 10:39:50 +01:00

sparcv9cap.c

Dead code cleanup: crypto/*.c, x509v3, demos

2015-02-02 11:08:16 -05:00

thr_id.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

uid.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

vms_rms.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

x86_64cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:24:12 +01:00

x86cpuid.pl

Undo a90081576c94f9f54de1755188a00ccc1760549a

2014-08-09 08:02:20 -04:00