1. 28 Feb, 2016 12 commits
  2. 27 Feb, 2016 20 commits
  3. 26 Feb, 2016 8 commits
    • R
      Forgotten change of add() call in Configure · a26d8be9
      Richard Levitte committed
      Reviewed-by: Matt Caswell <matt@openssl.org>
      a26d8be9
    • M
      Fix a mkdef.pl warning · d9706f19
      Matt Caswell committed
      mkdef.pl was issuing the following error:
      
       Use of uninitialized value within %tag in numeric eq (==) at
       util/mkdef.pl line 560, <IN> line 92
      
      This was because it was treating a __cplusplus "#ifdef" check as a "tag"
      but then skipping over the corresponding "#endif". Therefore after
      processing a file it still had "left over" tags from processing the
      previous file. It was also getting confused by "#if" checks that didn't
      match its pre-defined styles.
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      d9706f19
    • R
      Normalise the include directives in ct_test.c · 17436ce5
      Richard Levitte committed
      build.info needed a slight update, one more include directory.
      Reviewed-by: Matt Caswell <matt@openssl.org>
      17436ce5
    • A
      Implement new multi-threading API · 71a04cfc
      Alessandro Ghedini committed
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      71a04cfc
    • R
      Configure - neater looking add() and add_before() · bdcd83e1
      Richard Levitte committed
      They now default to " " as separator, but that can be overridden by
      having a hash with parameters as last argument.  The only currently
      recognised parameter is `separator'.
      
      The special separator `undef' will force the result to become a list
      rather than a concatenated string.
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      bdcd83e1
    • R
      Update test build/run for unified · 9666ffb3
      Rich Salz committed
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      9666ffb3
    • M
      Fix memory issues in BIO_*printf functions · 9cb17730
      Matt Caswell committed
      The internal |fmtstr| function used in processing a "%s" format string
      in the BIO_*printf functions could overflow while calculating the length
      of a string and cause an OOB read when printing very long strings.
      
      Additionally the internal |doapr_outch| function can attempt to write to
      an OOB memory location (at an offset from the NULL pointer) in the event of
      a memory allocation failure. In 1.0.2 and below this could be caused where
      the size of a buffer to be allocated is greater than INT_MAX. E.g. this
      could be in processing a very long "%s" format string. Memory leaks can also
      occur.
      
      These issues will only occur on certain platforms where sizeof(size_t) >
      sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
      issue dependent on compiler behaviour.
      
      These problems could enable attacks where large amounts of untrusted data
      are passed to the BIO_*printf functions. If applications use these functions
      in this way then they could be vulnerable. OpenSSL itself uses these
      functions when printing out human-readable dumps of ASN.1 data. Therefore
      applications that print this data could be vulnerable if the data is from
      untrusted sources. OpenSSL command line applications could also be
      vulnerable where they print out ASN.1 data, or if untrusted data is passed
      as command line arguments.
      
      Libssl is not considered directly vulnerable. Additionally certificates etc
      received via remote connections via libssl are also unlikely to be able to
      trigger these issues because of message size limits enforced within libssl.
      
      CVE-2016-0799
      
      Issue reported by Guido Vranken.
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      9cb17730
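The two failure modes described in the CVE-2016-0799 commit message (a string length tracked in an `int`, and a write attempted after a failed buffer allocation) can be avoided with the pattern below. This is an added example, not OpenSSL's code or its fix; `outbuf`, `GROW`, `bounded_len`, `out_ch`, `out_str` and `render` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW 64 /* hypothetical growth step */
typedef struct { char *buf; size_t len, cap, limit; } outbuf; /* hypothetical */

/* Length of s, scanning at most max bytes. The counter is a size_t, so it
 * cannot wrap the way an int counter does once a string passes INT_MAX. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Append one byte. Returns 1 on success, 0 on failure; on failure nothing
 * is written, so a failed allocation never leads to a store through NULL. */
static int out_ch(outbuf *o, char c) {
    if (o->len == o->cap) {
        if (o->limit - o->cap < GROW) return 0;   /* refuse to grow past limit */
        char *p = realloc(o->buf, o->cap + GROW);
        if (p == NULL) return 0;                  /* old buffer stays valid */
        o->buf = p;
        o->cap += GROW;
    }
    o->buf[o->len++] = c;
    return 1;
}

/* "%s" with optional precision (prec < 0 means none). Returns 1 or 0. */
static int out_str(outbuf *o, const char *value, int prec) {
    size_t n = bounded_len(value, prec < 0 ? SIZE_MAX : (size_t)prec);
    for (size_t i = 0; i < n; i++)
        if (!out_ch(o, value[i])) return 0;       /* propagate, stop writing */
    return 1;
}

/* Render value into a fresh buffer capped at limit bytes. */
static int render(const char *value, int prec, size_t limit, size_t *written) {
    outbuf o = { NULL, 0, 0, limit };
    int ok = out_str(&o, value, prec);
    *written = o.len;
    free(o.buf);                                  /* freed on both paths: no leak */
    return ok;
}

int main(void) {
    char big[201]; size_t w;                      /* constructed sample input */
    memset(big, 'A', 200); big[200] = '\0';
    int ok = render(big, -1, 128, &w);            /* cap smaller than the input */
    printf("ok=%d written=%zu\n", ok, w);
    return 0;
}
```

Every caller has to check the return value: the failure is reported rather than hidden, which is what lets the error path free the buffer instead of leaking it.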