Skip to content
  1. Feb 14, 2017
  2. Feb 13, 2017
  3. Feb 11, 2017
  4. Feb 10, 2017
  5. Feb 09, 2017
    • David Benjamin's avatar
      Don't read uninitialised data for short session IDs. · bd5d27c1
      David Benjamin authored
      While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes
      from an |SSL_SESSION|'s |session_id| array, the hash function would do
      so with without considering if all those bytes had been written to.
      
      This change checks |session_id_length| before possibly reading
      uninitialised memory. Since the result of the hash function was already
      attacker controlled, and since a lookup of a short session ID will
      always fail, it doesn't appear that this is anything more than a clean
      up.
      
      In particular, |ssl_get_prev_session| uses a stack-allocated placeholder
      |SSL_SESSION| as a lookup key, so the |session_id| array may be
      uninitialised.
      
      This was originally found with libFuzzer and MSan in
      https://boringssl.googlesource.com/boringssl/+/e976e4349d693b4bbb97e1694f45be5a1b22c8c7
      
      ,
      then by Robert Swiecki with honggfuzz and MSan here. Thanks to both.
      
      Reviewed-by: default avatarGeoff Thorpe <geoff@openssl.org>
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/2583)
      bd5d27c1
    • Andy Polyakov's avatar
      bn/asm/x86_64*: add DWARF CFI directives. · 76e624a0
      Andy Polyakov authored
      
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      76e624a0
    • Andy Polyakov's avatar
      perlasm/x86_64-xlate.pl: recognize DWARF CFI directives. · a3b5684f
      Andy Polyakov authored
      
      
      CFI directives annotate instructions that are significant for stack
      unwinding procedure. In addition to directives recognized by GNU
      assembler this module implements three synthetic ones:
      
      - .cfi_push annotates push instructions in prologue and translates to
        .cfi_adjust_cfa_offset (if needed) and .cfi_offset;
      - .cfi_pop annotates pop instructions in epilogue and translates to
        .cfi_adjust_cfs_offset (if needed) and .cfi_restore;
      - .cfi_cfa_expression encodes DW_CFA_def_cfa_expression and passes it
        to .cfi_escape as byte vector;
      
      CFA expression syntax is made up mix of DWARF operator suffixes [subset
      of] and references to registers with optional bias. Following example
      describes offloaded original stack pointer at specific offset from
      current stack pointer:
      
      	.cfi_cfa_expression	%rsp+40,deref,+8
      
      Final +8 has everything to do with the fact that CFA, Canonical Frame
      Address, is reference to top of caller's stack, and on x86_64 call to
      subroutine pushes 8-byte return address.
      
      Triggered by request from Adam Langley.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      a3b5684f