openssl/crypto
Matt Caswell a801bf2638 Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
are passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 578b956fe7)
2016-02-25 22:48:17 +00:00
aes Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
asn1 Fix leak with ASN.1 combine. 2015-12-03 13:45:13 +01:00
bf RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
bio Fix memory issues in BIO_*printf functions 2016-02-25 22:48:17 +00:00
bn GH714: missing field initialisation 2016-02-23 13:21:48 -05:00
buffer BUF_strndup: tidy 2015-09-22 20:09:42 +02:00
camellia Fix URLs mangled by reformat 2015-12-19 20:40:39 +00:00
cast RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
cmac RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
cms Fix missing malloc return value checks 2015-11-09 23:00:37 +00:00
comp RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
conf mark openssl configuration as loaded at end of OPENSSL_config 2015-11-24 22:05:47 +01:00
des Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
dh RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
dsa Fix double free in DSA private key parsing. 2016-02-19 14:04:21 +00:00
dso Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
ec Fix URLs mangled by reformat 2015-12-19 20:40:39 +00:00
ecdh RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
ecdsa RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
engine Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
err RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
evp Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
hmac Fix memory leaks and other mistakes on errors 2015-10-23 20:38:52 +02:00
idea RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
jpake Fix missing malloc return value checks 2015-11-09 23:00:37 +00:00
krb5 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
lhash RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
md2 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
md4 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
md5 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
mdc2 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
modes modes/ctr128.c: pay attention to ecount_buf alignment in CRYPTO_ctr128_encrypt. 2016-02-12 22:01:13 +01:00
objects RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
ocsp Remove useless code 2015-10-23 20:47:53 +02:00
pem Fix missing malloc return value checks 2015-11-09 23:00:37 +00:00
perlasm Reduce version skew. 2012-06-08 09:18:47 +00:00
pkcs7 Fix missing malloc return value checks 2015-11-09 23:00:37 +00:00
pkcs12 Set salt length after the malloc has succeeded 2015-10-23 20:39:25 +02:00
pqueue RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
rand Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
rc2 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
rc4 Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
rc5 RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
ripemd RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
rsa Don't check RSA_FLAG_SIGN_VER. 2015-12-20 19:28:23 +00:00
seed Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
sha Cleanup the EVP_MD_CTX before exit rather than after 2015-12-08 12:07:22 +01:00
srp CVE-2016-0798: avoid memory leak in SRP 2016-02-25 15:44:21 +01:00
stack RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
store Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
threads Cleanup mttest.c : because we no longer use stdio here, don't include it 2015-06-21 22:13:28 +02:00
ts Fix X509_STORE_CTX_cleanup() 2016-01-04 21:50:01 -05:00
txt_db RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
ui Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
whrlpool RT4044: Remove .cvsignore files. 2015-09-15 12:00:18 -04:00
x509 Fix X509_STORE_CTX_cleanup() 2016-01-04 21:50:01 -05:00
x509v3 Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
alphacpuid.pl Alpha assembler fixed from HEAD. 2011-08-12 12:31:08 +00:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
armcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
armv4cpuid.S ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
constant_time_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cryptlib.c RT3823: Improve the robustness of event logging 2015-09-21 14:36:39 -04:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
crypto-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
crypto.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ebcdic.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ebcdic.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ex_data.c Fix memory leak reporting. 2015-02-09 13:01:28 +00:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ia64cpuid.S IA64 assembler pack update from HEAD. 2011-11-14 20:45:57 +00:00
install-crypto.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-10-15 10:49:08 +02:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_unix.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_vms.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_win.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
Makefile Fix the update target and remove duplicate file updates 2015-05-23 11:22:10 +02:00
md32_common.h md32_common.h: backport ICC fix. 2015-05-26 09:58:12 +02:00
mem_clr.c Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
mem_dbg.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
mem.c Fix CRYPTO_strdup 2015-04-22 17:24:47 +01:00
o_dir_test.c Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_dir.c Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_dir.h Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_init.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
o_str.c Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_str.h Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_time.c Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
o_time.h Remove the "eay" c-file-style indicators 2015-12-18 13:13:31 +01:00
opensslconf.h.in Use both sun and __sun 2015-11-24 23:44:50 +01:00
opensslv.h Prepare for 1.0.1s-dev 2016-01-28 17:06:38 +00:00
ossl_typ.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-30 23:15:53 +02:00
ppccap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ppccpuid.pl ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 2012-04-27 20:20:15 +00:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s390xcpuid.S s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
sparccpuid.S Conversion to UTF-8 where needed 2015-07-14 01:18:57 +02:00
sparcv9cap.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
symhacks.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
x86_64cpuid.pl x86_64 assembly pack: make Windows build more robust [from master]. 2013-01-22 22:54:04 +01:00
x86cpuid.pl x86cpuid.pl: make it work with older CPUs. 2013-03-18 19:50:23 +01:00