Google Git
Sign in
flutter / third_party / openssl / ecca16632a73bb80ee27cdec8a97f6def0a4714d
commitecca16632a73bb80ee27cdec8a97f6def0a4714d[log] [tgz]
authorRich Salz <rsalz@openssl.org>Tue Feb 21 13:07:13 2017 -0500
committerRich Salz <rsalz@openssl.org>Tue Feb 21 13:07:13 2017 -0500
tree3f53c183fdc8db0eea571813c5e207fdeeb3eecb
parent9dd4ac8cf17f2afd636e85ae0111d1df4104a475 [diff]
Prevent OOB in SRP base64 code.

Change size comparison from > (GT) to >= (GTE) to ensure an additional
byte of output buffer, to prevent OOB reads/writes later in the function
Reject input strings larger than 2GB
Detect invalid output buffer size and return early

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2672)
1 file changed
tree: 3f53c183fdc8db0eea571813c5e207fdeeb3eecb
  1. .github/
  2. apps/
  3. Configurations/
  4. crypto/
  5. demos/
  6. doc/
  7. engines/
  8. external/
  9. fuzz/
  10. include/
  11. ms/
  12. os-dep/
  13. ssl/
  14. test/
  15. tools/
  16. util/
  17. VMS/
  18. boringssl
  19. .gitattributes
  20. .gitignore
  21. .gitmodules
  22. .travis-create-release.sh
  23. .travis.yml
  24. ACKNOWLEDGEMENTS
  25. appveyor.yml
  26. AUTHORS
  27. build.info
  28. CHANGES
  29. config
  30. config.com
  31. Configure
  32. CONTRIBUTING
  33. e_os.h
  34. FAQ
  35. INSTALL
  36. LICENSE
  37. Makefile.shared
  38. NEWS
  39. NOTES.DJGPP
  40. NOTES.PERL
  41. NOTES.VMS
  42. NOTES.WIN
  43. README
  44. README.ECC
  45. README.ENGINE
  46. README.FIPS