openssl/ssl
Matt Caswell 0d698f6696 Fix Use After Free for large message sizes
The buffer to receive messages is initialised to 16k. If a message is
received that is larger than that then the buffer is "realloc'd". This can
cause the location of the underlying buffer to change. Anything that is
referring to the old location will be referring to free'd data. In the
recent commit c1ef7c97 (master) and 4b390b6c (1.1.0) the point in the code
where the message buffer is grown was changed. However s->init_msg was not
updated to point at the new location.

CVE-2016-6309

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-26 08:52:48 +01:00
record Fix a hang with SSL_peek() 2016-09-22 09:27:45 +01:00
statem Fix Use After Free for large message sizes 2016-09-26 08:52:48 +01:00
bio_ssl.c Fix BIO_pop for SSL BIOs 2016-07-29 14:09:57 +01:00
build.info First pass at writing a writeable packets API 2016-09-13 09:41:21 +01:00
d1_lib.c Convert HelloVerifyRequest construction to WPACKET 2016-09-22 23:12:38 +01:00
d1_msg.c Whitespace cleanup in ssl folder 2016-06-29 09:56:39 -04:00
d1_srtp.c Convert tls_construct_client_hello() to use PACKETW 2016-09-13 09:41:21 +01:00
methods.c Indent ssl/ 2016-08-18 14:02:29 +02:00
packet_locl.h Add warning about a potential pitfall with WPACKET_allocate_bytes() 2016-09-22 23:12:38 +01:00
packet.c Fix a WPACKET bug 2016-09-26 08:52:48 +01:00
pqueue.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
s3_cbc.c Indent ssl/ 2016-08-18 14:02:29 +02:00
s3_enc.c Indent ssl/ 2016-08-18 14:02:29 +02:00
s3_lib.c Convert WPACKET_put_bytes to use convenience macros 2016-09-20 14:47:44 +01:00
s3_msg.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_asn1.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_cert.c Style tweaks following review feedback 2016-09-20 10:16:56 +01:00
ssl_ciph.c Remove trailing zeros 2016-08-26 15:18:07 -04:00
ssl_conf.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_err.c Don't allow too many consecutive warning alerts 2016-09-21 20:17:04 +01:00
ssl_init.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_lib.c Revert "Constify code about X509_VERIFY_PARAM" 2016-09-21 10:37:03 -04:00
ssl_locl.h Convert HelloVerifyRequest construction to WPACKET 2016-09-22 23:12:38 +01:00
ssl_mcnf.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_rsa.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_sess.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_utst.c Copyright consolidation 01/10 2016-05-17 14:19:19 -04:00
t1_enc.c Indent ssl/ 2016-08-18 14:02:29 +02:00
t1_ext.c Convert WPACKET_put_bytes to use convenience macros 2016-09-20 14:47:44 +01:00
t1_lib.c Fix a mem leak in NPN handling 2016-09-22 09:27:45 +01:00
t1_reneg.c Convert tls_construct_client_hello() to use PACKETW 2016-09-13 09:41:21 +01:00
t1_trce.c Ensure trace recognises X25519 2016-09-08 12:34:02 +01:00
tls_srp.c Indent ssl/ 2016-08-18 14:02:29 +02:00