diff options
| author | djm <> | 2012-04-22 01:38:24 +0000 |
|---|---|---|
| committer | djm <> | 2012-04-22 01:38:24 +0000 |
| commit | 6009b5053425d3b843ede015b6af05d32caf0a3c (patch) | |
| tree | 9caa6ce28230c0ae8dafd61b3b9e5006aacdb463 /src/lib/libcrypto | |
| parent | 26d673a328a92aa48e42150eb65ff351a4a0c188 (diff) | |
| download | openbsd-OPENBSD_5_0.tar.gz openbsd-OPENBSD_5_0.tar.bz2 openbsd-OPENBSD_5_0.zip | |
MFCOPENBSD_5_0
mem.c
revision 1.14
date: 2012/04/19 22:57:38; author: djm; state: Exp; lines: +4 -0
cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflow
ok miod@ deraadt@
asn1/a_d2i_fp.c
revision 1.6
date: 2012/04/19 22:57:38; author: djm; state: Exp; lines: +40 -14
cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflow
ok miod@ deraadt@
buffer/buffer.c
revision 1.9
date: 2012/04/19 22:57:38; author: djm; state: Exp; lines: +17 -0
cherrypick fix for CVE-2012-2110: libcrypto ASN.1 parsing heap overflow
ok miod@ deraadt@
Diffstat (limited to 'src/lib/libcrypto')
| -rw-r--r-- | src/lib/libcrypto/mem.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c index 8f06d190a1..9ecb8d26b1 100644 --- a/src/lib/libcrypto/mem.c +++ b/src/lib/libcrypto/mem.c | |||
| @@ -362,6 +362,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, | |||
| 362 | 362 | ||
| 363 | if (num <= 0) return NULL; | 363 | if (num <= 0) return NULL; |
| 364 | 364 | ||
| 365 | /* We don't support shrinking the buffer. Note the memcpy that copies | ||
| 366 | * |old_len| bytes to the new buffer, below. */ | ||
| 367 | if (num < old_len) return NULL; | ||
| 368 | |||
| 365 | if (realloc_debug_func != NULL) | 369 | if (realloc_debug_func != NULL) |
| 366 | realloc_debug_func(str, NULL, num, file, line, 0); | 370 | realloc_debug_func(str, NULL, num, file, line, 0); |
| 367 | ret=malloc_ex_func(num,file,line); | 371 | ret=malloc_ex_func(num,file,line); |