openssl/crypto
Matt Caswell ee1e3cac2e Avoid overflow in EVP_EncodeUpdate
An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarly used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:56:23 +01:00
..
aes s390x assembly pack: cache capability query results. 2016-04-25 11:53:45 +02:00
asn1 make update 2016-05-01 15:10:15 +02:00
async Android build fixes. 2016-05-02 12:49:57 +02:00
bf Remove --classic build entirely 2016-04-20 16:04:56 +02:00
bio Check for failed malloc in BIO_ADDR_new 2016-04-29 16:47:41 +01:00
blake2 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
bn Improve comment 2016-05-03 12:30:09 +02:00
buffer Remove --classic build entirely 2016-04-20 16:04:56 +02:00
camellia camellia/build.info: fix typo 2016-04-26 21:30:55 +02:00
cast Remove --classic build entirely 2016-04-20 16:04:56 +02:00
chacha chacha/asm/chacha-x86.pl: make it compile on legacy systems. 2016-05-02 12:34:42 +02:00
cmac Remove --classic build entirely 2016-04-20 16:04:56 +02:00
cms Don't leak EVP_MD_CTX on error path 2016-04-28 13:13:09 +01:00
comp Remove --classic build entirely 2016-04-20 16:04:56 +02:00
conf Properly own the duplicated string 2016-05-03 12:33:44 +02:00
ct Remove --classic build entirely 2016-04-20 16:04:56 +02:00
des Remove --classic build entirely 2016-04-20 16:04:56 +02:00
dh Add checks on CRYPTO_new_ex_data return value... 2016-04-28 14:37:41 -04:00
dsa Remove some dead code 2016-04-29 09:23:45 +01:00
dso Remove --classic build entirely 2016-04-20 16:04:56 +02:00
ec Remove some dead code from EC_GROUP_check() 2016-04-29 16:47:41 +01:00
engine Add checks on CRYPTO_new_ex_data return value 2016-04-28 14:37:41 -04:00
err Remove --classic build entirely 2016-04-20 16:04:56 +02:00
evp Avoid overflow in EVP_EncodeUpdate 2016-05-03 11:56:23 +01:00
hmac Remove --classic build entirely 2016-04-20 16:04:56 +02:00
idea Remove --classic build entirely 2016-04-20 16:04:56 +02:00
include/internal various spelling fixes 2016-04-28 14:22:26 -04:00
kdf Remove --classic build entirely 2016-04-20 16:04:56 +02:00
lhash Remove --classic build entirely 2016-04-20 16:04:56 +02:00
md2 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
md4 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
md5 Remove obsolete defined(__INTEL__) condition. 2016-05-02 12:35:01 +02:00
mdc2 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
modes s390x assembly pack: cache capability query results. 2016-04-25 11:53:45 +02:00
objects Update copyright; generated files. 2016-04-20 10:33:15 -04:00
ocsp Don't leak resource on error in OCSP_url_svcloc_new 2016-04-28 13:13:09 +01:00
pem A call to RSA_set0_key had the arguments in the wrong order 2016-04-29 09:20:13 +01:00
perlasm
pkcs7 Free memory on error in PKCS7_dataFinal() 2016-04-28 13:13:09 +01:00
pkcs12 Don't leak memory on error in PKCS12_key_gen_uni 2016-04-28 13:13:09 +01:00
poly1305 various spelling fixes 2016-04-28 14:22:26 -04:00
rand Remove --classic build entirely 2016-04-20 16:04:56 +02:00
rc2 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
rc4 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
rc5 Remove --classic build entirely 2016-04-20 16:04:56 +02:00
ripemd Remove obsolete defined(__INTEL__) condition. 2016-05-02 12:35:01 +02:00
rsa Don't leak an ASN1_OCTET_STRING on error in rsa_cms_encrypt 2016-04-28 13:13:09 +01:00
seed Remove --classic build entirely 2016-04-20 16:04:56 +02:00
sha s390x assembly pack: cache capability query results. 2016-04-25 11:53:45 +02:00
srp various spelling fixes 2016-04-28 14:22:26 -04:00
stack Remove --classic build entirely 2016-04-20 16:04:56 +02:00
ts Remove --classic build entirely 2016-04-20 16:04:56 +02:00
txt_db Remove --classic build entirely 2016-04-20 16:04:56 +02:00
ui Add checks on CRYPTO_new_ex_data return value 2016-04-28 14:37:41 -04:00
whrlpool Remove --classic build entirely 2016-04-20 16:04:56 +02:00
x509 Prevent EBCDIC overread for very long strings 2016-05-03 10:22:47 +01:00
x509v3 various spelling fixes 2016-04-28 14:22:26 -04:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c
armv4cpuid.pl
build.info
c64xpluscpuid.pl
cpt_err.c
cryptlib.c Remove obsolete defined(__INTEL__) condition. 2016-05-02 12:35:01 +02:00
cversion.c
dllmain.c
ebcdic.c Add the ability to test EBCDIC builds 2016-04-29 15:04:15 +01:00
ex_data.c
fips_err.h
fips_ers.c
ia64cpuid.S
init.c
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_dbg.c
mem_sec.c Secure memory fixes 2016-05-02 12:58:03 -04:00
mem.c Fix CRYPTO_clear_realloc() bug. 2016-04-21 23:56:44 +01:00
o_dir.c
o_fips.c
o_init.c
o_str.c
o_time.c
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: fix missing declaration warning. 2016-04-29 11:52:28 +02:00
ppccpuid.pl
s390xcap.c
s390xcpuid.S s390x assembly pack: cache capability query results. 2016-04-25 11:53:45 +02:00
sparc_arch.h crypto/sparc_arch.h: reserve more SPARCv9 capability bits. 2016-04-25 11:50:54 +02:00
sparccpuid.S
sparcv9cap.c SPARCv9 assembly pack: fine-tune run-time switch. 2016-04-26 21:35:05 +02:00
threads_none.c
threads_pthread.c
threads_win.c
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl