Dr. Stephen Henson 8d038a08fb The fix for CVE-2012-2110 did not take into account that the ...

'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.

2012-04-23 20:35:55 +00:00

..

.cvsignore

Add emacs cache files to .cvsignore.

2005-04-11 14:17:07 +00:00

buf_err.c

Rebuild error file C source files.

2006-11-21 20:14:46 +00:00

buf_str.c

Merge minor FIPS branch changes: buffer, objects, pem, x509.

2008-09-15 19:56:12 +00:00

buffer.c

The fix for CVE-2012-2110 did not take into account that the

2012-04-23 20:35:55 +00:00

buffer.h

Fix various incorrect error function codes.

2005-04-26 18:53:22 +00:00

Makefile

Make update: delete duplicate error code.

2008-09-17 17:11:09 +00:00