generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto
History
Emilia Kasper c0334c2c92 PKCS#7: avoid NULL pointer dereferences with missing content 
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 12:58:35 +00:00
..
aes
Fix undefined behaviour in shifts.
2015-03-13 21:14:20 -07:00
asn1
Fix ASN1_TYPE_cmp
2015-03-19 12:58:35 +00:00
bf
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
bio
Remove dead code from crypto
2015-03-17 14:49:47 +00:00
bn
Fix error handling in bn_exp
2015-03-12 09:29:48 +00:00
buffer
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
camellia
Fix crash in SPARC T4 XTS.
2015-02-24 10:12:57 +01:00
cast
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
cmac
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
cms
Unchecked malloc fixes
2015-03-05 09:15:08 +00:00
comp
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
conf
RT3670: Check return from BUF_MEM_grow_clean
2015-02-12 13:01:33 -05:00
des
Fixed bad formatting in crypto/des/spr.h
2015-02-05 09:45:25 -05:00
dh
Fix dh_pub_encode
2015-03-12 09:29:48 +00:00
dsa
Fix dsa_pub_encode
2015-03-12 09:29:48 +00:00
dso
Remove dead code from crypto
2015-03-17 14:49:47 +00:00
ec
Avoid reading an unused byte after the buffer
2015-03-14 18:24:58 +01:00
ecdh
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ecdsa
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
engine
Remove unused eng_rsax and related asm file
2015-01-26 10:46:26 -05:00
err
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
evp
Fix EVP_DigestInit_ex with NULL digest
2015-03-12 09:29:48 +00:00
hmac
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
idea
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
jpake
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
krb5
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
lhash
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
md2
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
md4
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
md5
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
mdc2
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
modes
modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
2015-01-30 16:38:42 +01:00
objects
Unchecked malloc fixes
2015-03-05 09:15:08 +00:00
ocsp
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
pem
Fix formatting error in pem.h
2015-01-22 14:11:04 +00:00
perlasm
Fix crash in SPARC T4 XTS.
2015-02-24 10:12:57 +01:00
pkcs7
PKCS#7: avoid NULL pointer dereferences with missing content
2015-03-19 12:58:35 +00:00
pkcs12
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
pqueue
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
rand
Unchecked malloc fixes
2015-03-05 09:15:08 +00:00
rc2
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
rc4
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
rc5
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ripemd
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
rsa
Reject invalid PSS parameters.
2015-03-19 12:58:35 +00:00
seed
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
sha
sha/asm/sha1-586.pl: fix typo.
2015-02-22 19:22:09 +01:00
srp
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
stack
Fix memset call in stack.c
2015-03-17 13:48:04 +00:00
store
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
threads
Unchecked malloc fixes
2015-03-05 09:15:08 +00:00
ts
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
txt_db
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ui
Assume TERMIOS is default, remove TERMIO on all Linux.
2015-02-22 08:10:29 +01:00
whrlpool
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
x509
Check public key is not NULL.
2015-03-02 15:26:41 +00:00
x509v3
Fix missing return checks in v3_cpols.c
2015-03-12 09:29:48 +00:00
.cvsignore
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
2008-04-17 10:19:16 +00:00
alphacpuid.pl
Alpha assembler fixed from HEAD.
2011-08-12 12:31:08 +00:00
arm64cpuid.S
Add linux-aarch64 taget.
2014-06-10 23:20:55 +02:00
arm_arch.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
armcap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
armv4cpuid.S
Remove inconsistency in ARM support.
2015-01-06 11:14:23 +01:00
constant_time_locl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
constant_time_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
cpt_err.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
cryptlib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
cryptlib.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
crypto-lib.com
Adjust VMS build to Unix build. Most of all, make it so the disabled
2014-06-18 13:43:09 +02:00
crypto.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
cversion.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ebcdic.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ebcdic.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ex_data.c
Fix memory leak reporting.
2015-02-09 13:01:15 +00:00
fips_err.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
fips_ers.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ia64cpuid.S
IA64 assembler pack update from HEAD.
2011-11-14 20:45:57 +00:00
install-crypto.com
Adjust VMS build to Unix build. Most of all, make it so the disabled
2014-06-18 13:43:09 +02:00
LPdir_nyi.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
LPdir_unix.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
LPdir_vms.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
LPdir_win32.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
LPdir_win.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
LPdir_wince.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
Makefile
Make output from openssl version -f consistent with previous versions
2015-01-13 11:28:54 +00:00
md32_common.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
mem_clr.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
mem_dbg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
mem.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_dir_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_dir.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_dir.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_fips.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_init.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_str.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_str.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
o_time.c
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
o_time.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
opensslconf.h.in
Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and
2005-12-16 10:37:24 +00:00
opensslv.h
Prepare for 1.0.2a-dev
2015-01-22 16:16:24 +00:00
ossl_typ.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
pariscid.pl
PA-RISC assembler pack: switch to bve in 64-bit builds.
2013-06-30 23:13:23 +02:00
ppc_arch.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ppccap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ppccpuid.pl
Initial POWER8 support from development branch.
2014-07-20 14:36:49 +02:00
s390xcap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s390xcpuid.S
s390x assembler pack update from HEAD.
2011-11-14 20:47:22 +00:00
sparc_arch.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
sparccpuid.S
sparcv9cap.c: update from master.
2013-05-20 00:16:18 +02:00
sparcv9cap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
symhacks.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
uid.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
vms_rms.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
x86_64cpuid.pl
x86[_64]cpuid.pl: add low-level RDSEED.
2014-02-14 17:25:14 +01:00
x86cpuid.pl
x86[_64]cpuid.pl: add low-level RDSEED.
2014-02-14 17:25:14 +01:00