QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-13 09:59:40 +00:00
Code Issues Projects Releases Wiki Activity
openssl/ssl
History
Matt Caswell cb7503750e Sanity check the ticket length before using key name/IV 
This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5417)
2018-02-21 11:26:25 +00:00
..
bad_dtls_test.c
Remove unicode characters from source
2017-12-08 12:00:29 +01:00
bio_ssl.c
Handle SSL_ERROR_WANT_X509_LOOKUP
2015-09-20 14:21:18 +01:00
clienthellotest.c
GH354: Memory leak fixes
2015-08-28 11:59:23 -04:00
d1_both.c
Guard last few debugging printfs in libssl
2017-03-23 14:47:41 +01:00
d1_clnt.c
Fix issue #2113:
2017-02-09 14:19:36 +01:00
d1_lib.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
d1_meth.c
Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION
2015-11-04 14:46:03 +00:00
d1_pkt.c
Make sure we check an incoming reneg ClientHello in DTLS
2018-01-30 16:07:30 +00:00
d1_srtp.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
d1_srvr.c
Fix DTLSv1_listen() sequence numbers
2017-03-13 13:08:01 +00:00
dtls1.h
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:31:28 +00:00
dtlstest.c
Fix no-ec
2016-08-24 09:23:14 +01:00
fatalerrtest.c
Fix the buffer sizing in the fatalerrtest
2017-12-07 14:48:11 +00:00
heartbeat_test.c
Revert "Fix heartbeat_test"
2016-11-29 09:54:58 +00:00
install-ssl.com
Don't forget to install srtp.h as well
2012-05-10 15:01:26 +00:00
kssl_lcl.h
Remove the "eay" c-file-style indicators
2015-12-18 13:39:34 +01:00
kssl.c
Changed OPENSSL_gmtime so macOS uses threadsafe gmtime_r instead of gmtime.
2018-01-24 16:23:20 +01:00
kssl.h
Remove the "eay" c-file-style indicators
2015-12-18 13:39:34 +01:00
Makefile
Add a test for CVE-2017-3737
2017-12-06 15:40:23 +00:00
s2_clnt.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s2_enc.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s2_lib.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s2_meth.c
Add no-ssl2-method
2016-03-14 21:13:59 +01:00
s2_pkt.c
Make SSL_read and SSL_write return the old behaviour and document it.
2016-11-21 22:00:43 +01:00
s2_srvr.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s3_both.c
Make message buffer slightly larger than message.
2016-09-21 19:56:05 +01:00
s3_cbc.c
Good hygiene with size_t output argument.
2015-11-21 05:23:20 -05:00
s3_clnt.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s3_enc.c
Fix issue #2113:
2017-02-09 14:19:36 +01:00
s3_lib.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s3_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s3_pkt.c
Swap the check in ssl3_write_pending to avoid using
2018-02-09 19:31:36 +01:00
s3_srvr.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
s23_clnt.c
Don't use SSLv3_client_method internally with no-ssl3
2017-11-14 05:20:47 +01:00
s23_lib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
s23_pkt.c
Make SSL_read and SSL_write return the old behaviour and document it.
2016-11-21 22:00:43 +01:00
s23_srvr.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
srtp.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl2.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl3.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl23.h
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_algs.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_asn1.c
Fix memory leak on error.
2016-09-15 12:49:00 +01:00
ssl_cert.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
ssl_ciph.c
Use casts for arguments to ctype functions.
2017-08-22 15:16:28 +10:00
ssl_conf.c
Disable SSLv2 default build, default negotiation and weak ciphers.
2016-03-01 11:20:10 +00:00
ssl_err2.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_err.c
Add missing error string for SSL_R_TOO_MANY_WARN_ALERTS
2016-10-11 19:22:28 +01:00
ssl_lib.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
ssl_locl.h
Copy custom extension flags in a call to SSL_set_SSL_CTX()
2017-05-10 14:06:58 +01:00
ssl_rsa.c
Revert "Use the callbacks from the SSL object instead of the SSL_CTX object"
2017-03-11 11:19:20 +01:00
ssl_sess.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
ssl_stat.c
Add Error state
2015-05-05 19:50:12 +01:00
ssl_task.c
Re-align some comments after running the reformat script.
2015-01-22 09:31:48 +00:00
ssl_txt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl_utst.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
ssl-lib.com
VMS: Use strict refdef extern model when building library object files
2016-08-22 15:50:28 +02:00
ssl.h
Don't allow read/write after fatal error
2017-12-06 15:40:23 +00:00
ssltest.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
sslv2conftest.c
Silence some "maybe used uninitialised" warnings
2016-08-22 09:25:12 +01:00
t1_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_enc.c
Standardize syntax around sizeof(foo)
2017-12-08 15:08:43 -05:00
t1_ext.c
Copy custom extension flags in a call to SSL_set_SSL_CTX()
2017-05-10 14:06:58 +01:00
t1_lib.c
Sanity check the ticket length before using key name/IV
2018-02-21 11:26:25 +00:00
t1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_reneg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_srvr.c
Run util/openssl-format-source -v -c .
2015-01-22 09:31:38 +00:00
t1_trce.c
Fix a switch statement fallthrough
2017-12-11 09:49:44 +00:00
tls1.h
Add documentation for the SSL_export_keying_material() function
2017-06-21 16:21:03 +01:00
tls_srp.c
Code style: space after 'if'
2015-04-16 13:50:01 -04:00