Alessandro Ghedini 6905187488 Make BUF_strndup() read-safe on arbitrary inputs ...

BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
(cherry picked from commit f61216ba9d17430fb5eb3e2b202a209960b9d51b)

2015-09-22 20:09:38 +02:00

..

aes

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

asn1

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

bf

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

bio

RT3479: Add UTF8 support to BIO_read_filename()

2015-09-21 17:33:06 -04:00

bn

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

buffer

Make BUF_strndup() read-safe on arbitrary inputs

2015-09-22 20:09:38 +02:00

camellia

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

cast

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

cmac

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

cms

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

comp

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

conf

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

des

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

dh

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

dsa

This undoes GH367 for non-master

2015-09-18 15:56:45 -04:00

dso

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ec

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ecdh

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ecdsa

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

engine

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

err

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

evp

Fix indentation

2015-09-19 09:10:38 -04:00

hmac

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

idea

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

jpake

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

krb5

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

lhash

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

md2

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

md4

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

md5

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

mdc2

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

modes

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

objects

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ocsp

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

pem

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

perlasm

Reduce version skew.

2012-06-08 09:18:47 +00:00

pkcs7

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

pkcs12

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

pqueue

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

rand

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

rc2

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

rc4

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

rc5

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ripemd

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

rsa

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

seed

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

sha

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

srp

Fix SRP memory leaks

2015-09-21 10:26:32 +01:00

stack

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

store

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

threads

Cleanup mttest.c : because we no longer use stdio here, don't include it

2015-06-21 22:13:28 +02:00

ts

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

txt_db

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

ui

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

whrlpool

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

x509

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

x509v3

RT4044: Remove .cvsignore files.

2015-09-15 12:00:18 -04:00

alphacpuid.pl

Alpha assembler fixed from HEAD.

2011-08-12 12:31:08 +00:00

arm_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

armcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

armv4cpuid.S

ARM assembler pack update from HEAD.

2011-11-14 20:58:01 +00:00

constant_time_locl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

constant_time_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

cpt_err.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

cryptlib.c

RT3823: Improve the robustness of event logging

2015-09-21 14:36:39 -04:00

cryptlib.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

crypto-lib.com

Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces

2014-10-15 10:49:24 +02:00

crypto.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

cversion.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

ebcdic.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

ebcdic.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

ex_data.c

Fix memory leak reporting.

2015-02-09 13:01:28 +00:00

fips_err.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

fips_ers.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

ia64cpuid.S

IA64 assembler pack update from HEAD.

2011-11-14 20:45:57 +00:00

install-crypto.com

Adjust VMS build to Unix build. Most of all, make it so the disabled

2014-10-15 10:49:08 +02:00

LPdir_nyi.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

LPdir_unix.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

LPdir_vms.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

LPdir_win32.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

LPdir_win.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

LPdir_wince.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

Makefile

Fix the update target and remove duplicate file updates

2015-05-23 11:22:10 +02:00

md32_common.h

md32_common.h: backport ICC fix.

2015-05-26 09:58:12 +02:00

mem_clr.c

Make sure OPENSSL_cleanse checks for NULL

2015-09-17 22:33:31 +01:00

mem_dbg.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

mem.c

Fix CRYPTO_strdup

2015-04-22 17:24:47 +01:00

o_dir_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_dir.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_dir.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_fips.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_init.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_str.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_str.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

o_time.c

Re-align some comments after running the reformat script.

2015-01-22 09:39:01 +00:00

o_time.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

opensslconf.h.in

Make preprocessor error into real preprocessor error

2015-06-16 13:14:09 +02:00

opensslv.h

Prepare for 1.0.1q-dev

2015-07-09 13:29:59 +01:00

ossl_typ.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

pariscid.pl

PA-RISC assembler pack: switch to bve in 64-bit builds.

2013-06-30 23:15:53 +02:00

ppccap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

ppccpuid.pl

ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance

2012-04-27 20:20:15 +00:00

s390xcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

s390xcpuid.S

s390x assembler pack update from HEAD.

2011-11-14 20:47:22 +00:00

sparccpuid.S

Conversion to UTF-8 where needed

2015-07-14 01:18:57 +02:00

sparcv9cap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

symhacks.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

uid.c

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

vms_rms.h

Run util/openssl-format-source -v -c .

2015-01-22 09:38:39 +00:00

x86_64cpuid.pl

x86_64 assembly pack: make Windows build more robust [from master].

2013-01-22 22:54:04 +01:00

x86cpuid.pl

x86cpuid.pl: make it work with older CPUs.

2013-03-18 19:50:23 +01:00