  1. May 02, 2016
  2. Apr 29, 2016
  3. Apr 27, 2016
  4. Apr 26, 2016
  5. Apr 25, 2016
  6. Apr 23, 2016
  7. Apr 22, 2016
  8. Apr 07, 2016
  9. Apr 04, 2016
  10. Mar 26, 2016
  11. Mar 18, 2016
  12. Mar 14, 2016
  13. Mar 09, 2016
  14. Mar 08, 2016
  15. Mar 07, 2016
  16. Mar 04, 2016
    • Sanity check PVK file fields. · df14e502
      Dr. Stephen Henson authored
      
      
      PVK files with abnormally large length or salt fields can cause an
      integer overflow which can result in an OOB read and heap corruption.
      However, this is a rarely used format and private key files do not
      normally come from untrusted sources, so the security implications are
      not significant.
      
      Fix by limiting PVK length field to 100K and salt to 10K: these should be
      more than enough to cover any files encountered in practice.
      
      Issue reported by Guido Vranken.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (cherry picked from commit 5f57abe2)
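
The class of check the commit message above describes, as an added example (not the project's code): capping attacker-controlled length fields before they are summed into a buffer size. The header layout (offsets 16 and 20), the function names, and reading "100K"/"10K" as multiples of 1024 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Caps from the commit message ("100K", "10K"); reading K as 1024 is an assumption. */
#define MAX_KEYLEN  (100u * 1024u)
#define MAX_SALTLEN (10u * 1024u)
/* Assumed header layout: six little-endian 32-bit fields, saltlen at 16, keylen at 20. */
#define HDR_LEN 24u

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Build a constructed sample header; every field other than the two lengths is zero. */
void make_hdr(unsigned char out[HDR_LEN], uint32_t saltlen, uint32_t keylen)
{
    memset(out, 0, HDR_LEN);
    for (int i = 0; i < 4; i++) {
        out[16 + i] = (unsigned char)((saltlen >> (8 * i)) & 0xff);
        out[20 + i] = (unsigned char)((keylen >> (8 * i)) & 0xff);
    }
}

/* Unchecked: the 32-bit sum wraps, so the size can be far smaller than either field claims. */
uint32_t unchecked_body_len(const unsigned char *hdr)
{
    return rd_le32(hdr + 16) + rd_le32(hdr + 20);
}

/* Checked: reject out-of-range fields before any arithmetic; -1 means "refuse the file". */
long checked_body_len(const unsigned char *hdr, size_t hdrlen)
{
    if (hdr == NULL || hdrlen < HDR_LEN)
        return -1;
    uint32_t saltlen = rd_le32(hdr + 16), keylen = rd_le32(hdr + 20);
    if (keylen > MAX_KEYLEN || saltlen > MAX_SALTLEN)
        return -1;
    return (long)(saltlen + keylen); /* at most 112640, cannot wrap */
}

int main(void)
{
    unsigned char h[HDR_LEN];
    make_hdr(h, 0xFFFFFFF0u, 0x20u); /* constructed oversized salt field */
    printf("unchecked=%u checked=%ld\n",
           (unsigned)unchecked_body_len(h), checked_body_len(h, sizeof h));
    return 0;
}
```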
  17. Mar 01, 2016