generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Matt Caswell 80a06268ae Add length sanity check in SSLv2 n_do_ssl_write() 
Fortify flagged up a problem in n_do_ssl_write() in SSLv2. Analysing the
code I do not believe there is a real problem here. However the logic flows
are complicated enough that a sanity check of |len| is probably worthwhile.

Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c5f8cd7bc661f90dc012c9d2bae1808a4281985f)
2015-04-29 17:44:02 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
d1_both.c
Code style: space after 'if'
2015-04-16 13:51:51 -04:00
d1_clnt.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
d1_enc.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
d1_lib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
d1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
d1_pkt.c
Harmonize return values in dtls1_buffer_record
2015-03-10 13:52:37 -07:00
d1_srtp.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
d1_srvr.c
Don't send a for ServerKeyExchange for kDHr and kDHd
2015-03-24 22:58:30 +01:00
dtls1.h
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:32:49 +00:00
heartbeat_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
install-ssl.com
Don't forget to install srtp.h as well
2012-05-10 15:01:22 +00:00
kssl_lcl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
kssl.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
kssl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
Makefile
make update
2015-04-21 17:53:36 +02:00
s2_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s2_enc.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s2_lib.c
Fix reachable assert in SSLv2 servers.
2015-03-19 12:59:31 +00:00
s2_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s2_pkt.c
Add length sanity check in SSLv2 n_do_ssl_write()
2015-04-29 17:44:02 +01:00
s2_srvr.c
Harden SSLv2-supporting servers against Bleichenbacher's attack.
2015-04-08 16:42:28 +02:00
s3_both.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s3_cbc.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
s3_clnt.c
Repair EAP-FAST session resumption
2015-04-21 19:37:17 +02:00
s3_enc.c
Cleanse buffers
2015-03-11 10:49:22 +00:00
s3_lib.c
Rerun util/openssl-format-source -v -c .
2015-01-22 09:38:49 +00:00
s3_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s3_pkt.c
Use constants not numbers
2015-03-05 09:30:35 +00:00
s3_srvr.c
Error out immediately on empty ciphers list.
2015-04-17 18:47:25 +02:00
s23_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s23_lib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s23_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s23_pkt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s23_srvr.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
srtp.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl2.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl3.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl23.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_algs.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_asn1.c
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:32:49 +00:00
ssl_cert.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_ciph.c
Remove export ciphers from the DEFAULT cipher list
2015-03-07 23:08:12 +01:00
ssl_err2.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_err.c
Repair EAP-FAST session resumption
2015-04-21 19:37:17 +02:00
ssl_lib.c
Fix no-ec warning
2015-02-27 08:57:44 +00:00
ssl_locl.h
fix warning
2015-03-08 22:42:23 +00:00
ssl_rsa.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_sess.c
Fix ssl_get_prev_session overrun
2015-04-14 14:59:54 +01:00
ssl_stat.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_task.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
ssl_txt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl_utst.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ssl-lib.com
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
2014-10-15 10:49:24 +02:00
ssl.h
Repair EAP-FAST session resumption
2015-04-21 19:37:17 +02:00
ssltest.c
Fix error handling in ssltest
2015-02-06 10:10:49 +00:00
t1_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
t1_enc.c
Code style: space after 'if'
2015-04-16 13:51:51 -04:00
t1_lib.c
Code style: space after 'if'
2015-04-16 13:51:51 -04:00
t1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
t1_reneg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
t1_srvr.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
tls1.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
tls_srp.c
Code style: space after 'if'
2015-04-16 13:51:51 -04:00