]> granicus.if.org Git - openssl/commit
Check for potentially exploitable overflows in asn1_d2i_read_bio
authorDr. Stephen Henson <steve@openssl.org>
Thu, 19 Apr 2012 16:19:56 +0000 (16:19 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 19 Apr 2012 16:19:56 +0000 (16:19 +0000)
commitd9a9d10f4f8d4ed051f2488a90b012dceb7ec885
treedabb138053661e7c2c25d1d5bef7221ef0d5ab04
parent0d2baadfb4dbd36fa323f3ae57ad309744713572
Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
CHANGES
crypto/asn1/a_d2i_fp.c
crypto/buffer/buffer.c
crypto/mem.c