  1. May 04, 2016
  2. May 03, 2016
  3. May 02, 2016
  4. Apr 29, 2016
  5. Apr 27, 2016
  6. Apr 26, 2016
  7. Apr 25, 2016
  8. Apr 23, 2016
  9. Apr 22, 2016
  10. Apr 07, 2016
  11. Mar 26, 2016
  12. Mar 18, 2016
  13. Mar 14, 2016
  14. Mar 09, 2016
  15. Mar 08, 2016
  16. Mar 07, 2016
  17. Mar 04, 2016
    • Sanity check PVK file fields. · 298d823b
      Dr. Stephen Henson authored
      
      
      PVK files with abnormally large length or salt fields can cause an
      integer overflow which can result in an OOB read and heap corruption.
      However this is a rarely used format and private key files do not
      normally come from untrusted sources, so the security implications are not
      significant.
      
      Fix by limiting PVK length field to 100K and salt to 10K: these should be
      more than enough to cover any files encountered in practice.
      
      Issue reported by Guido Vranken.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (cherry picked from commit 5f57abe2)
  18. Mar 01, 2016