openssl

History

Dr. Stephen Henson cc598f321f Fix leak with ASN.1 combine.

When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: Richard Levitte <levitte@openssl.org>

2015-12-03 14:32:05 +00:00

aes

x86_64 assembly pack: tune clang version detection.

2015-11-30 13:37:39 +01:00

asn1

Fix leak with ASN.1 combine.

2015-12-03 14:32:05 +00:00

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

bio

Remove useless code

2015-10-23 20:32:59 +02:00

x86_64 assembly pack: tune clang version detection.

2015-11-30 13:37:39 +01:00

buffer

BUF_strndup: tidy

2015-09-22 20:04:01 +02:00

camellia

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

cast

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

cmac

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

cms

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

comp

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

conf

mark openssl configuration as loaded at end of OPENSSL_config

2015-11-24 22:05:10 +01:00

des

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

Properly check return type of DH_compute_key()

2015-10-07 20:36:46 +02:00

dsa

Remove useless code

2015-10-23 20:32:59 +02:00

dso

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

Add cleanup of *.s

2015-12-03 15:20:10 +01:00

ecdh

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

ecdsa

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

engine

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

err

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

evp

aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.

2015-11-16 13:07:33 +01:00

hmac

Fix memory leaks and other mistakes on errors

2015-10-23 19:58:54 +02:00

idea

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

jpake

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

krb5

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

lhash

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

md2

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

md4

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

md5

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

mdc2

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

modes

x86_64 assembly pack: tune clang version detection.

2015-11-30 13:37:39 +01:00

objects

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

ocsp

Remove useless code

2015-10-23 20:32:59 +02:00

pem

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

perlasm

perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved.

2015-12-03 13:31:36 +01:00

pkcs7

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

pkcs12

Set salt length after the malloc has succeeded

2015-10-23 19:59:34 +02:00

pqueue

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

rand

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

rc2

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

rc4

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

rc5

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

ripemd

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

rsa

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify

2015-10-08 14:11:59 +01:00

seed

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

sha

x86_64 assembly pack: tune clang version detection.

2015-11-30 13:37:39 +01:00

srp

Fix SRP memory leaks

2015-09-21 10:23:25 +01:00

stack

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

store

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

threads

Cleanup mttest.c : because we no longer use stdio here, don't include it

2015-06-21 22:12:07 +02:00

RT32671: wrong multiple errs TS_check_status_info

2015-11-13 16:57:08 -05:00

txt_db

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

whrlpool

RT4044: Remove .cvsignore files.

2015-09-15 11:58:27 -04:00

x509

Remove useless code

2015-10-23 20:32:59 +02:00

x509v3

Fix missing malloc return value checks

2015-11-09 22:54:19 +00:00

alphacpuid.pl

Alpha assembler fixed from HEAD.

2011-08-12 12:31:08 +00:00

arm64cpuid.S

Add linux-aarch64 taget.

2014-06-10 23:20:55 +02:00

arm_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

armcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

armv4cpuid.S

Remove inconsistency in ARM support.

2015-01-06 11:14:23 +01:00

constant_time_locl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

constant_time_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

cpt_err.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

cryptlib.c

RT3823: Improve the robustness of event logging

2015-09-21 14:36:26 -04:00

cryptlib.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

crypto-lib.com

Adjust VMS build to Unix build. Most of all, make it so the disabled

2014-06-18 13:43:09 +02:00

crypto.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

cversion.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ebcdic.c

Appease clang -Wempty-translation-unit

2015-04-08 17:59:40 +02:00

ebcdic.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ex_data.c

Fix memory leak reporting.

2015-02-09 13:01:15 +00:00

fips_err.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

fips_ers.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ia64cpuid.S

IA64 assembler pack update from HEAD.

2011-11-14 20:45:57 +00:00

install-crypto.com

Adjust VMS build to Unix build. Most of all, make it so the disabled

2014-06-18 13:43:09 +02:00

LPdir_nyi.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

LPdir_unix.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

LPdir_vms.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

LPdir_win32.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

LPdir_win.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

LPdir_wince.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

Makefile

Fix the update target and remove duplicate file updates

2015-05-23 06:25:12 +02:00

md32_common.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

mem_clr.c

Make sure OPENSSL_cleanse checks for NULL

2015-09-17 22:31:24 +01:00

mem_dbg.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

mem.c

Fix CRYPTO_strdup

2015-04-22 17:20:38 +01:00

o_dir_test.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_dir.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_dir.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_fips.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_init.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_str.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_str.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

o_time.c

Re-align some comments after running the reformat script.

2015-01-22 09:31:48 +00:00

o_time.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

opensslconf.h.in

Use both sun and __sun

2015-11-24 23:44:05 +01:00

opensslv.h

Prepare for 1.0.2e-dev

2015-07-09 13:18:51 +01:00

ossl_typ.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

pariscid.pl

PA-RISC assembler pack: switch to bve in 64-bit builds.

2013-06-30 23:13:23 +02:00

ppc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

ppccap.c

RT3990: Fix #include path.

2015-08-05 22:06:22 -04:00

ppccpuid.pl

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

s390xcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

s390xcpuid.S

s390x assembler pack update from HEAD.

2011-11-14 20:47:22 +00:00

sparc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

sparccpuid.S

Conversion to UTF-8 where needed

2015-07-14 01:17:45 +02:00

sparcv9cap.c

crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris.

2015-12-02 10:56:27 +01:00

symhacks.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

uid.c

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

vms_rms.h

Run util/openssl-format-source -v -c .

2015-01-22 09:31:38 +00:00

x86_64cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:25:14 +01:00

x86cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:25:14 +01:00