mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
380f18ed5f
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: Rich Salz <rsalz@openssl.org> |
||
|---|---|---|
| .. | ||
| pl | ||
| TLSProxy | ||
| add_cr.pl | ||
| bat.sh | ||
| check-buildinfo.pl | ||
| ck_errf.pl | ||
| copy-if-different.pl | ||
| copy.pl | ||
| cygwin.sh | ||
| dirname.pl | ||
| do_ms.sh | ||
| dofile.pl | ||
| domd.in | ||
| extract-names.pl | ||
| extract-section.pl | ||
| files.pl | ||
| fipslink.pl | ||
| fixNT.sh | ||
| FreeBSD.sh | ||
| incore | ||
| indent.pro | ||
| install.sh | ||
| libeay.num | ||
| mk1mf.pl | ||
| mkbuildinf.pl | ||
| mkcerts.sh | ||
| mkdef.pl | ||
| mkdir-p.pl | ||
| mkerr.pl | ||
| mkfiles.pl | ||
| mkrc.pl | ||
| openssl-format-source | ||
| opensslwrap.sh | ||
| perlpath.pl | ||
| point.sh | ||
| selftest.pl | ||
| shlib_wrap.sh | ||
| sp-diff.pl | ||
| speed.sh | ||
| ssleay.num | ||
| su-filter.pl | ||
| toutf8.sh | ||
| with_fallback.pm | ||
| x86asm.sh | ||