Skip to content
  1. Sep 22, 2015
    • Alessandro Ghedini's avatar
      Make BUF_strndup() read-safe on arbitrary inputs · f61216ba
      Alessandro Ghedini authored
      
      
      BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
      past the input if the input was not a C string.
      
      Make it explicitly part of BUF_strndup's contract to never read more
      than |siz| input bytes. This augments the standard strndup contract to
      be safer.
      
      The commit also adds a check for siz overflow and some brief documentation
      for BUF_strndup().
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 110f7b37)
      f61216ba
    • Rich Salz's avatar
      GH398: Add mingw cross-compile, etc. · c038e6b5
      Rich Salz authored
      
      
      For all release branches.  It adds travis build support. If you don't
      have a config file it uses the default (because we enabled travis for the
      project), which uses ruby/rake/rakefiles, and you get confusing "build
      still failing" messages.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit db9defdf)
      c038e6b5
  2. Sep 21, 2015
    • David Woodhouse's avatar
      RT3479: Add UTF8 support to BIO_read_filename() · 0ea050e7
      David Woodhouse authored
      
      
      If we use BIO_new_file(), on Windows it'll jump through hoops to work
      around their unusual charset/Unicode handling. it'll convert a UTF-8
      filename to UCS-16LE and attempt to use _wfopen().
      
      If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
      consistent?
      
      It would certainly be nice if SSL_use_certificate_chain_file() worked.
      
      Also made BIO_C_SET_FILENAME work (rsalz)
      
      Signed-off-by: default avatarRich Salz <rsalz@akamai.com>
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit ff03599a)
      0ea050e7
    • Gunnar Kudrjavets's avatar
      RT3823: Improve the robustness of event logging · d601b9b5
      Gunnar Kudrjavets authored
      There are a couple of minor fixes here:
      
      1) Handle the case when RegisterEventSource() fails (which it may for
      various reasons) and do the work of logging the event only if it succeeds.
      
      2) Handle the case when ReportEvent() fails and do our best in debug builds
      to at least attempt somehow indicate that something has gone wrong. The
      typical situation would be someone running tools like DbMon, DBWin32,
      DebugView or just having the debugger attached. The intent is to make sure
      that at least some data will be captured so that we can save hours and days
      of debugging time.
      
      3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
      value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
      better conveyed by using MB_ICONERROR.
      
      Testing performed:
      
      1) Clean compilation for debug-VC-WIN32 and VC-WIN32.
      
      2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
      VC-WIN32.
      
      3) Stepped through relevant changes using WinDBG and e...
      d601b9b5
    • Matt Caswell's avatar
      Fix SRP memory leaks · b21b330b
      Matt Caswell authored
      
      
      There were some memory leaks in the creation of an SRP verifier (both on
      successful completion and also on some error paths).
      
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      (cherry picked from commit bf95cde2)
      b21b330b
  3. Sep 20, 2015
  4. Sep 19, 2015
  5. Sep 18, 2015
  6. Sep 17, 2015
  7. Sep 16, 2015
  8. Sep 15, 2015
  9. Sep 14, 2015
  10. Sep 12, 2015
  11. Sep 11, 2015
  12. Sep 10, 2015
  13. Sep 08, 2015
  14. Sep 04, 2015
  15. Sep 03, 2015
  16. Sep 02, 2015
  17. Sep 01, 2015
  18. Aug 31, 2015