Skip to content
  1. Apr 30, 2015
    • Matt Caswell's avatar
      Add sanity check to ssl_get_prev_session · 39b36cb4
      Matt Caswell authored
      
      
      Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
      Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
      reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit cb0f400b)
      39b36cb4
    • Matt Caswell's avatar
      Sanity check the return from final_finish_mac · 26800340
      Matt Caswell authored
      
      
      The return value is checked for 0. This is currently safe but we should
      really check for <= 0 since -1 is frequently used for error conditions.
      Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit c427570e)
      
      Conflicts:
      	ssl/ssl_locl.h
      
      Conflicts:
      	ssl/ssl_locl.h
      26800340
    • Matt Caswell's avatar
      Add sanity check in ssl3_cbc_digest_record · 592ac253
      Matt Caswell authored
      
      
      For SSLv3 the code assumes that |header_length| > |md_block_size|. Whilst
      this is true for all SSLv3 ciphersuites, this fact is far from obvious by
      looking at the code. If this were not the case then an integer overflow
      would occur, leading to a subsequent buffer overflow. Therefore I have
      added an explicit sanity check to ensure header_length is always valid.
      Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 29b0a15a)
      592ac253
    • Matt Caswell's avatar
      Clarify logic in BIO_*printf functions · d8896822
      Matt Caswell authored
      
      
      The static function dynamically allocates an output buffer if the output
      grows larger than the static buffer that is normally used. The original
      logic implied that |currlen| could be greater than |maxlen| which is
      incorrect (and if so would cause a buffer overrun). Also the original
      logic would call OPENSSL_malloc to create a dynamic buffer equal to the
      size of the static buffer, and then immediately call OPENSSL_realloc to
      make it bigger, rather than just creating a buffer than was big enough in
      the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
      Oberoi (Int3 Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 9d9e3774)
      d8896822
    • Matt Caswell's avatar
      Sanity check EVP_EncodeUpdate buffer len · 951ede2a
      Matt Caswell authored
      
      
      There was already a sanity check to ensure the passed buffer length is not
      zero. Extend this to ensure that it also not negative. Thanks to Kevin
      Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
      reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit b86d7dca)
      951ede2a
    • Matt Caswell's avatar
      Sanity check EVP_CTRL_AEAD_TLS_AAD · 974d4d67
      Matt Caswell authored
      
      
      The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
      least 13 bytes long. Add sanity checks to ensure that the length is at
      least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
      represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
      Paramjot Oberoi (Int3 Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit c8269881)
      
      Conflicts:
      	ssl/record/ssl3_record.c
      
      Conflicts:
      	apps/speed.c
      	crypto/evp/e_aes_cbc_hmac_sha256.c
      	crypto/evp/evp.h
      974d4d67
    • Matt Caswell's avatar
      Sanity check DES_enc_write buffer length · 3be5df22
      Matt Caswell authored
      
      
      Add a sanity check to DES_enc_write to ensure the buffer length provided
      is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
      Oberoi (Int3 Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 873fb39f)
      3be5df22
  2. Apr 29, 2015
    • Matt Caswell's avatar
      Add length sanity check in SSLv2 n_do_ssl_write() · 80a06268
      Matt Caswell authored
      
      
      Fortify flagged up a problem in n_do_ssl_write() in SSLv2. Analysing the
      code I do not believe there is a real problem here. However the logic flows
      are complicated enough that a sanity check of |len| is probably worthwhile.
      
      Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit c5f8cd7b)
      80a06268
  3. Apr 22, 2015
    • Loganaden Velvindron's avatar
      Fix CRYPTO_strdup · e3dd33c2
      Loganaden Velvindron authored
      
      
      The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
      value from CRYPTO_malloc to see if it is NULL before attempting to use it.
      This patch adds a NULL check.
      
      RT3786
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
      e3dd33c2
  4. Apr 21, 2015
  5. Apr 20, 2015
  6. Apr 18, 2015
  7. Apr 17, 2015
  8. Apr 16, 2015
  9. Apr 14, 2015
    • Matt Caswell's avatar
      Fix ssl_get_prev_session overrun · 40f26ac7
      Matt Caswell authored
      
      
      If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
      past the end of the ClientHello message if the session_id length in the
      ClientHello is invalid. This should not cause any security issues since the
      underlying buffer is 16k in size. It should never be possible to overrun by
      that many bytes.
      
      This is probably made redundant by the previous commit - but you can never be
      too careful.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 5e0a80c1)
      40f26ac7
    • Matt Caswell's avatar
      Check for ClientHello message overruns · 89c27202
      Matt Caswell authored
      
      
      The ClientHello processing is insufficiently rigorous in its checks to make
      sure that we don't read past the end of the message. This does not have
      security implications due to the size of the underlying buffer - but still
      needs to be fixed.
      
      With thanks to Qinghao Tang for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)
      89c27202
  10. Apr 11, 2015
  11. Apr 10, 2015
    • Dr. Stephen Henson's avatar
      Don't set *pval to NULL in ASN1_item_ex_new. · bd41063b
      Dr. Stephen Henson authored
      
      
      While *pval is usually a pointer in rare circumstances it can be a long
      value. One some platforms (e.g. WIN64) where
      sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.
      
      *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
      to NULL is unecessary anyway.
      
      Thanks to Julien Kauffmann for reporting this issue.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit f617b496)
      
      Conflicts:
      	crypto/asn1/tasn_new.c
      bd41063b
  12. Apr 08, 2015
  13. Apr 07, 2015
  14. Mar 31, 2015
  15. Mar 25, 2015
  16. Mar 24, 2015