projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3dd2eeb) | patch
Check for potentially exploitable overflows in asn1_d2i_read_bio
authorDr. Stephen Henson <steve@openssl.org>
Thu, 19 Apr 2012 11:44:51 +0000 (11:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 19 Apr 2012 11:44:51 +0000 (11:44 +0000)
commit5bd4fcc5c21820e48d5e35505907e04bbc465c59
treef999d7c6d563888878d8c3ebc45891e072ab8b50tree | snapshot
parent3dd2eebfbc2f4bf11475a07bc1e36e107ab19d0dcommit | diff
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
CHANGES diff | blob | history
crypto/asn1/a_d2i_fp.c diff | blob | history
crypto/buffer/buffer.c diff | blob | history
crypto/mem.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.