generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/crypto
History
Dr. Stephen Henson b29ffa392e Fix leak with ASN.1 combine. 
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-03 13:45:13 +01:00
..
aes
Fix typos
2015-10-23 20:41:17 +02:00
asn1
Fix leak with ASN.1 combine.
2015-12-03 13:45:13 +01:00
bf
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
bio
Remove useless code
2015-10-23 20:47:53 +02:00
bn
BN_GF2m_mod_inv(): check bn_wexpand return value
2015-10-29 20:41:32 +01:00
buffer
BUF_strndup: tidy
2015-09-22 20:09:42 +02:00
camellia
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
cast
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
cmac
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
cms
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
comp
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
conf
mark openssl configuration as loaded at end of OPENSSL_config
2015-11-24 22:05:47 +01:00
des
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
dh
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
dsa
Remove useless code
2015-10-23 20:47:53 +02:00
dso
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ec
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ecdh
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ecdsa
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
engine
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
err
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
evp
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
hmac
Fix memory leaks and other mistakes on errors
2015-10-23 20:38:52 +02:00
idea
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
jpake
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
krb5
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
lhash
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
md2
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
md4
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
md5
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
mdc2
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
modes
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
objects
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ocsp
Remove useless code
2015-10-23 20:47:53 +02:00
pem
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
perlasm
Reduce version skew.
2012-06-08 09:18:47 +00:00
pkcs7
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
pkcs12
Set salt length after the malloc has succeeded
2015-10-23 20:39:25 +02:00
pqueue
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
rand
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
rc2
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
rc4
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
rc5
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ripemd
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
rsa
Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
2015-10-08 14:17:08 +01:00
seed
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
sha
Fix typos
2015-10-23 20:41:17 +02:00
srp
Fix SRP memory leaks
2015-09-21 10:26:32 +01:00
stack
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
store
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
threads
Cleanup mttest.c : because we no longer use stdio here, don't include it
2015-06-21 22:13:28 +02:00
ts
RT32671: wrong multiple errs TS_check_status_info
2015-11-13 16:57:41 -05:00
txt_db
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
ui
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
whrlpool
RT4044: Remove .cvsignore files.
2015-09-15 12:00:18 -04:00
x509
Remove useless code
2015-10-23 20:47:53 +02:00
x509v3
Fix missing malloc return value checks
2015-11-09 23:00:37 +00:00
alphacpuid.pl
Alpha assembler fixed from HEAD.
2011-08-12 12:31:08 +00:00
arm_arch.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
armcap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
armv4cpuid.S
ARM assembler pack update from HEAD.
2011-11-14 20:58:01 +00:00
constant_time_locl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
constant_time_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
cpt_err.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
cryptlib.c
RT3823: Improve the robustness of event logging
2015-09-21 14:36:39 -04:00
cryptlib.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
crypto-lib.com
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
2014-10-15 10:49:24 +02:00
crypto.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
cversion.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ebcdic.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ebcdic.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ex_data.c
Fix memory leak reporting.
2015-02-09 13:01:28 +00:00
fips_err.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
fips_ers.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ia64cpuid.S
IA64 assembler pack update from HEAD.
2011-11-14 20:45:57 +00:00
install-crypto.com
Adjust VMS build to Unix build. Most of all, make it so the disabled
2014-10-15 10:49:08 +02:00
LPdir_nyi.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
LPdir_unix.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
LPdir_vms.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
LPdir_win32.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
LPdir_win.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
LPdir_wince.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
Makefile
Fix the update target and remove duplicate file updates
2015-05-23 11:22:10 +02:00
md32_common.h
md32_common.h: backport ICC fix.
2015-05-26 09:58:12 +02:00
mem_clr.c
Make sure OPENSSL_cleanse checks for NULL
2015-09-17 22:33:31 +01:00
mem_dbg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
mem.c
Fix CRYPTO_strdup
2015-04-22 17:24:47 +01:00
o_dir_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_dir.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_dir.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_fips.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_init.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_str.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_str.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
o_time.c
Re-align some comments after running the reformat script.
2015-01-22 09:39:01 +00:00
o_time.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
opensslconf.h.in
Use both sun and __sun
2015-11-24 23:44:50 +01:00
opensslv.h
Prepare for 1.0.1q-dev
2015-07-09 13:29:59 +01:00
ossl_typ.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
pariscid.pl
PA-RISC assembler pack: switch to bve in 64-bit builds.
2013-06-30 23:15:53 +02:00
ppccap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
ppccpuid.pl
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
2012-04-27 20:20:15 +00:00
s390xcap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
s390xcpuid.S
s390x assembler pack update from HEAD.
2011-11-14 20:47:22 +00:00
sparccpuid.S
Conversion to UTF-8 where needed
2015-07-14 01:18:57 +02:00
sparcv9cap.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
symhacks.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
uid.c
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
vms_rms.h
Run util/openssl-format-source -v -c .
2015-01-22 09:38:39 +00:00
x86_64cpuid.pl
x86_64 assembly pack: make Windows build more robust [from master].
2013-01-22 22:54:04 +01:00
x86cpuid.pl
x86cpuid.pl: make it work with older CPUs.
2013-03-18 19:50:23 +01:00