Skip to content
  1. Jun 07, 2016
  2. Jun 06, 2016
  3. Jun 03, 2016
  4. Jun 01, 2016
    • Matt Caswell's avatar
      Avoid some undefined pointer arithmetic · 6f35f6de
      Matt Caswell authored
      
      
      A common idiom in the codebase is:
      
      if (p + len > limit)
      {
          return; /* Too long */
      }
      
      Where "p" points to some malloc'd data of SIZE bytes and
      limit == p + SIZE
      
      "len" here could be from some externally supplied data (e.g. from a TLS
      message).
      
      The rules of C pointer arithmetic are such that "p + len" is only well
      defined where len <= SIZE. Therefore the above idiom is actually
      undefined behaviour.
      
      For example this could cause problems if some malloc implementation
      provides an address for "p" such that "p + len" actually overflows for
      values of len that are too big and therefore p + len < limit!
      
      Issue reported by Guido Vranken.
      
      CVE-2016-2177
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      6f35f6de
  5. May 26, 2016
  6. May 23, 2016
  7. May 19, 2016
  8. May 11, 2016
  9. May 09, 2016
  10. May 06, 2016
  11. May 05, 2016
  12. May 04, 2016
  13. May 03, 2016
  14. May 02, 2016
  15. Apr 29, 2016
  16. Apr 27, 2016
  17. Apr 26, 2016
  18. Apr 25, 2016