openssl/ssl
David Benjamin bd5d27c1c6 Don't read uninitialised data for short session IDs.
While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes
from an |SSL_SESSION|'s |session_id| array, the hash function would do
so without considering if all those bytes had been written to.

This change checks |session_id_length| before possibly reading
uninitialised memory. Since the result of the hash function was already
attacker controlled, and since a lookup of a short session ID will
always fail, it doesn't appear that this is anything more than a clean
up.

In particular, |ssl_get_prev_session| uses a stack-allocated placeholder
|SSL_SESSION| as a lookup key, so the |session_id| array may be
uninitialised.

This was originally found with libFuzzer and MSan in
https://boringssl.googlesource.com/boringssl/+/e976e4349d693b4bbb97e1694f45be5a1b22c8c7,
then by Robert Swiecki with honggfuzz and MSan here. Thanks to both.

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2583)
2017-02-09 17:11:12 -05:00
..
record Fix crash in tls13_enc 2017-02-08 11:41:45 +00:00
statem Combined patch against master branch for the following issues: 2017-02-03 20:39:52 +01:00
bio_ssl.c
build.info
d1_lib.c
d1_msg.c
d1_srtp.c
methods.c
packet_locl.h Miscellaneous style tweaks based on feedback received 2017-01-30 10:18:23 +00:00
packet.c Use for loop in WPACKET_fill_lengths instead of do...while 2017-01-30 10:18:24 +00:00
pqueue.c
s3_cbc.c
s3_enc.c fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 2017-01-23 11:41:59 +01:00
s3_lib.c Add remaining TLS1.3 ciphersuites 2017-02-08 02:16:27 +00:00
s3_msg.c
ssl_asn1.c Fix <= TLS1.2 break 2017-01-30 10:18:24 +00:00
ssl_cert.c Convert Sigalgs processing to use ints 2017-01-10 23:02:50 +00:00
ssl_ciph.c Add NID_auth_any and NID_kx_any NIDs. 2017-02-08 02:16:26 +00:00
ssl_conf.c
ssl_err.c make errors 2017-02-02 14:45:10 +00:00
ssl_init.c
ssl_lib.c Don't read uninitialised data for short session IDs. 2017-02-09 17:11:12 -05:00
ssl_locl.h Add SSL_kANY and SSL_aANY 2017-02-08 02:16:26 +00:00
ssl_mcnf.c
ssl_rsa.c
ssl_sess.c Various style fixes following review feedback 2017-01-30 10:18:25 +00:00
ssl_stat.c
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c
t1_enc.c Add CCM mode support for TLS 1.3 2017-02-08 02:16:27 +00:00
t1_ext.c
t1_lib.c SSL_get_shared_sigalgs: handle negative idx parameter 2017-02-09 09:48:46 +00:00
t1_trce.c Add support for the psk_key_exchange_modes extension 2017-01-30 10:17:49 +00:00
tls13_enc.c Add CCM mode support for TLS 1.3 2017-02-08 02:16:27 +00:00
tls_srp.c