Skip to content
  1. Feb 25, 2016
    • Emilia Kasper's avatar
      CVE-2016-0798: avoid memory leak in SRP · 59a908f1
      Emilia Kasper authored
      
      
      The SRP user database lookup method SRP_VBASE_get_by_user had confusing
      memory management semantics; the returned pointer was sometimes newly
      allocated, and sometimes owned by the callee. The calling code has no
      way of distinguishing these two cases.
      
      Specifically, SRP servers that configure a secret seed to hide valid
      login information are vulnerable to a memory leak: an attacker
      connecting with an invalid username can cause a memory leak of around
      300 bytes per connection.
      
      Servers that do not configure SRP, or configure SRP but do not configure
      a seed are not vulnerable.
      
      In Apache, the seed directive is known as SSLSRPUnknownUserSeed.
      
      To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
      is now disabled even if the user has configured a seed.
      
      Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
      note that OpenSSL makes no strong guarantees about the
      indistinguishability of valid and invalid logins. In particular,
      computations are currently not carried out in constant time.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      59a908f1
  2. Feb 23, 2016
  3. Feb 19, 2016
  4. Feb 12, 2016
  5. Feb 11, 2016
  6. Feb 10, 2016
  7. Jan 28, 2016
  8. Jan 19, 2016
  9. Jan 17, 2016
  10. Jan 14, 2016
  11. Jan 10, 2016
  12. Jan 05, 2016
  13. Dec 28, 2015
  14. Dec 27, 2015
  15. Dec 22, 2015
  16. Dec 20, 2015
  17. Dec 19, 2015
  18. Dec 18, 2015
  19. Dec 16, 2015
  20. Dec 14, 2015
  21. Dec 10, 2015