openssl/crypto
Matt Caswell 578b956fe7 Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
are passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally, certificates etc.
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 22:47:13 +00:00
aes Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
asn1 Fix leak with ASN.1 combine. 2015-12-03 14:32:05 +00:00
bf RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
bio Fix memory issues in BIO_*printf functions 2016-02-25 22:47:13 +00:00
bn GH714: missing field initialisation 2016-02-23 13:21:07 -05:00
buffer BUF_strndup: tidy 2015-09-22 20:04:01 +02:00
camellia Fix URLs mangled by reformat 2015-12-19 14:43:43 +00:00
cast RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
cmac Switch to FIPS implementation for CMAC. 2016-02-16 22:52:59 +00:00
cms Fix missing malloc return value checks 2015-11-09 22:54:19 +00:00
comp RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
conf mark openssl configuration as loaded at end of OPENSSL_config 2015-11-24 22:05:10 +01:00
des Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
dh Add missing return value checks 2016-01-29 11:58:45 +00:00
dsa Fix double free in DSA private key parsing. 2016-02-19 14:03:07 +00:00
dso Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
ec ec/asm/ecp_nistz256-x86_64.pl: get corner case logic right. 2016-02-23 21:26:53 +01:00
ecdh RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
ecdsa RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
engine Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
err RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
evp evp/e_des3.c: address compiler warning. 2016-02-19 13:34:42 +01:00
hmac Fix memory leaks and other mistakes on errors 2015-10-23 19:58:54 +02:00
idea RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
jpake Fix missing malloc return value checks 2015-11-09 22:54:19 +00:00
krb5 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
lhash RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
md2 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
md4 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
md5 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
mdc2 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
modes modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt. 2016-02-12 22:00:13 +01:00
objects RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
ocsp Remove useless code 2015-10-23 20:32:59 +02:00
pem Fix missing malloc return value checks 2015-11-09 22:54:19 +00:00
perlasm perlasm/x86_64-xlate.pl: pass pure constants verbatim. 2016-02-11 21:26:44 +01:00
pkcs7 RT4175: Fix PKCS7_verify() regression with Authenticode signatures 2016-02-23 10:16:15 -05:00
pkcs12 Set salt length after the malloc has succeeded 2015-10-23 19:59:34 +02:00
pqueue RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
rand Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
rc2 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
rc4 Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
rc5 RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
ripemd RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
rsa Don't check RSA_FLAG_SIGN_VER. 2015-12-20 19:27:03 +00:00
seed Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
sha x86_64 assembly pack: tune clang version detection even further. 2015-12-13 22:19:32 +01:00
srp CVE-2016-0798: avoid memory leak in SRP 2016-02-24 18:39:13 +01:00
stack if no comparison function set make sk_sort no op 2016-02-06 18:49:56 +00:00
store Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
threads Cleanup mttest.c : because we no longer use stdio here, don't include it 2015-06-21 22:12:07 +02:00
ts Fix X509_STORE_CTX_cleanup() 2016-01-02 11:14:05 -05:00
txt_db RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
ui Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
whrlpool RT4044: Remove .cvsignore files. 2015-09-15 11:58:27 -04:00
x509 Fix missing ok=0 with locally blacklisted CAs 2016-02-05 10:54:11 -05:00
x509v3 NGX-2040 - fix wildcard match on punycode/IDNA DNS names 2016-01-15 14:48:17 -05:00
alphacpuid.pl Alpha assembler fixed from HEAD. 2011-08-12 12:31:08 +00:00
arm64cpuid.S Add linux-aarch64 target. 2014-06-10 23:20:55 +02:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
armcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
armv4cpuid.S Remove inconsistency in ARM support. 2015-01-06 11:14:23 +01:00
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
constant_time_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
cryptlib.c GH102: Add volatile to CRYPTO_memcmp 2016-01-30 14:41:23 -05:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
crypto-lib.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-06-18 13:43:09 +02:00
crypto.h GH102: Add volatile to CRYPTO_memcmp 2016-01-30 14:41:23 -05:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ebcdic.c Appease clang -Wempty-translation-unit 2015-04-08 17:59:40 +02:00
ebcdic.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ex_data.c Root cause discovered and fixed, this fix became unnecessary 2016-01-13 01:23:34 +01:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ia64cpuid.S IA64 assembler pack update from HEAD. 2011-11-14 20:45:57 +00:00
install-crypto.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-06-18 13:43:09 +02:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
LPdir_unix.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
LPdir_vms.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
LPdir_win.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
Makefile Fix the update target and remove duplicate file updates 2015-05-23 06:25:12 +02:00
md32_common.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
mem_clr.c Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
mem_dbg.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
mem.c Fix CRYPTO_strdup 2015-04-22 17:20:38 +01:00
o_dir_test.c Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_dir.c Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_dir.h Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
o_init.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
o_str.c Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_str.h Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_time.c Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
o_time.h Remove the "eay" c-file-style indicators 2015-12-18 13:39:34 +01:00
opensslconf.h.in Use both sun and __sun 2015-11-24 23:44:05 +01:00
opensslv.h Prepare for 1.0.2g-dev 2016-01-28 13:58:24 +00:00
ossl_typ.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-30 23:13:23 +02:00
ppc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ppccap.c RT3990: Fix #include path. 2015-08-05 22:06:22 -04:00
ppccpuid.pl Initial POWER8 support from development branch. 2014-07-20 14:36:49 +02:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s390xcpuid.S s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
sparccpuid.S Conversion to UTF-8 where needed 2015-07-14 01:17:45 +02:00
sparcv9cap.c crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. 2015-12-02 10:56:27 +01:00
symhacks.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:25:14 +01:00
x86cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:25:14 +01:00