path: root/src/lib/libc/stdlib/reallocarray.c
Date | Commit message | Author | Files | Lines
2015-07-18 | Dead code, Coverity 78798 | beck | 2 | -6/+2
ok bcook@ doug@
2015-07-18 | simplify length checking in do_indefinite_convert | bcook | 1 | -11/+17
Fixes Coverity 117506, 117507, 117508 ok doug@
2015-07-18 | Coverity ID 78910 - Yet another stupid API designed to not show failures. do the | beck | 2 | -12/+16
least worst alternative and do nothing rather than dereference NULL, but having a function with fundamentally broken API to simply make a list of strings, sort them, and call a function with each string as an argument is really quite silly.... and of course it was exposed API that the ecosystem uses that we can't delete.. yet. ok miod@ doug@
2015-07-18 | Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. | doug | 10 | -58/+26
This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@
2015-07-18 | remove mysterious, decorative comment blocklets | bcook | 1 | -21/+21
2015-07-18 | Explicitly mark ignored BN_* return vals in tests. | bcook | 1 | -6/+6
The tests will fail all the same. Fixes Coverity 78811 21659 21658 21657. Discussed with beck@
2015-07-18 | check sscanf conversion, fixes Coverity 21666 | bcook | 1 | -2/+6
ok doug@, miod@, guenther@
2015-07-18 | Check the return value of ASN1_STRING_set(), for it may fail to allocate | miod | 4 | -12/+28
memory. Coverity CID 24810, 24846. ok bcook@ doug@
2015-07-18 | Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. | doug | 6 | -28/+22
This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@
2015-07-18 | Unbreak, add errno header | jeremy | 1 | -1/+2
OK tedu@
2015-07-18 | set errno in null cases, just in case. | tedu | 1 | -2/+3
2015-07-18 | standards compliant error return (null). will make ruby happier, at least. | tedu | 1 | -5/+2
ok deraadt jeremy
2015-07-18 | Fix leak found by coverity, issue 78897 - which also brought to | beck | 6 | -50/+66
light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@
2015-07-17 | delete doubled words; | schwarze | 8 | -8/+8
patch from Theo Buehler <theo at math dot ethz dot ch>
2015-07-17 | extenstion -> extension | miod | 2 | -2/+2
2015-07-17 | fix leak, found by coverity, ID 78877 | beck | 1 | -3/+3
ok miod@ jsing@
2015-07-17 | Convert ssl_parse_serverhello_use_srtp_ext to CBS. | doug | 4 | -24/+34
ok miod@ jsing@
2015-07-17 | Remove SSLv3 support from openssl(1) s_time. | doug | 1 | -13/+3
ok miod@ bcook@ beck@
2015-07-17 | Remove SSLv3 support from openssl(1) s_server. | doug | 1 | -7/+2
ok miod@ bcook@ beck@
2015-07-17 | Remove SSLv3 support from openssl(1) s_client. | doug | 1 | -4/+1
ok miod@ bcook@ beck@
2015-07-17 | Remove support for SSLv3 from openssl(1) ciphers. | doug | 1 | -27/+5
ok miod@ bcook@
2015-07-17 | Remove compat hack that disabled ECDHE-ECDSA on OS X. | doug | 10 | -208/+26
For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
2015-07-17 | Remove workaround for TLS padding bug from SSLeay days. | doug | 13 | -79/+25
OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
2015-07-16 | Bump LIBRESSL_VERSION defines. | bcook | 2 | -6/+14
Moving forward, software should expect that LIBRESSL_VERSION_TEXT and LIBRESSL_VERSION_NUMBER will increment for each LibreSSL-portable release. ok deraadt@, beck@
2015-07-16 | Enforce V_ASN1_OCTET_STRING type before accessing the object as octet string; | miod | 2 | -4/+8
from OpenSSL (RT #3683) ok doug@ jsing@
2015-07-16 | fix coverity leak - ID 78921 | beck | 1 | -3/+11
ok miod@, bcook@
2015-07-16 | kill leak, found by coverity, ID 105348 | beck | 1 | -2/+5
ok miod@
2015-07-16 | After reading a password with terminal echo off, restore the terminal to | guenther | 2 | -12/+10
its original state instead of blindly turning echo on. problem reported on the openssl-dev list by William Freeman ok miod@ beck@
2015-07-16 | Explicitly cast a char into unsigned long before shifting it left by 24, for | miod | 2 | -4/+4
this would promote it to int for the shift, and then cast to unsigned long, sign-extending it if sizeof(long) > sizeof(int). This was not a problem because the computed value was explicitly range checked afterwards, with an upper bound way smaller than 1U<<31, but it's better practice to cast correctly. ok beck@
2015-07-16 | Check return value of all used functions in OCSP_REQUEST_print(); covers | miod | 2 | -10/+18
Coverity CID 78796; ok beck@
2015-07-16 | Make sure the `reject negative sizes' logic introduced in 1.34 is actually | miod | 2 | -6/+8
applied to all code paths. ok beck@ bcook@ doug@ guenther@
2015-07-15 | check n before cbs_init, coverity - ID 125063 | beck | 2 | -6/+18
ok bcook@ miod@
2015-07-15 | test for n<0 before use in CBS_init - mostly to shut up coverity. | beck | 6 | -22/+66
reluctant ok miod@
2015-07-15 | Flense out dead code, we don't do ecdhe_clnt_cert. | beck | 4 | -374/+150
coverity ID's 21691 21698 ok miod@, "Fry it" jsing@
2015-07-15 | Fix inverted test in previous. Commit message told what we intended, but | miod | 2 | -4/+4
we did not notice my fingers slipping. Noticed by bcook@
2015-07-15 | Remove dead code. Coverity CID 21688 | miod | 2 | -8/+2
ok beck@
2015-07-15 | Fix two theoretical NULL pointer dereferences which can only happen if you | miod | 2 | -8/+18
have seriously corrupted your memory; Coverity CID 21708 and 21721. While there, plug a memory leak upon error in x509_name_canon(). ok bcook@ beck@
2015-07-15 | Fix possible 32 byte buffer overrun, found by coverity, CID 78869 | beck | 2 | -4/+4
ok miod@
2015-07-15 | Memory leak; Coverity CID 78836 | miod | 2 | -12/+16
ok beck@
2015-07-15 | Unchecked allocations, and make sure we do not leak upon error. Fixes | miod | 2 | -42/+72
Coverity CID 21739 and more. ok bcook@
2015-07-15 | Avoid leaking objects upon error; tweaks & ok doug@ | miod | 2 | -36/+36
2015-07-15 | Do not allow TS_check_signer_name() with signer == NULL from | miod | 2 | -2/+8
int_TS_RESP_verify_token(). Coverity CID 21710. Looking further, int_TS_RESP_verify_token() will only initialize signer to something non-NULL if TS_VFY_SIGNATURE is set in ctx->flags. But guess what? TS_REQ_to_TS_VERIFY_CTX() in ts/ts_verify_ctx.c, which is the TS_VERIFY_CTX constructor, explicitly clears this bit, with: ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); followed by more conditional flag clears. Of course, nothing prevents the user to fiddle with ctx->flags afterwards. This is exactly what ts.c in usr.bin/openssl does. This is gross, mistakes will happen. ok beck@
2015-07-15 | Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0, | miod | 2 | -2/+6
seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
2015-07-15 | Add OPTION_ARG_LONG for handling of options with a long type. | jsing | 2 | -3/+16
ok doug@
2015-07-15 | Make 'openssl pkeyutl -verify' return exit code 0 on success. | bcook | 1 | -4/+5
Previously, it returned '1' regardless of whether it succeeded or failed. This is now fixed in the OpenSSL master branch as well. Thanks to Kinichiro Inoguchi for pointing it out. ok @deraadt
2015-07-14 | Partially convert ssl3_get_message to CBS. | doug | 2 | -12/+30
Unlike the other conversions, this only partially converts the function for now. This is the second to last function which still uses the n2l3 macro. That macro is deprecated since we're using CBS. ok miod@ jsing@
2015-07-14 | Convert dtls1_get_hello_verify to CBS. | doug | 2 | -34/+46
ok miod@ jsing@
2015-07-14 | Convert ssl3_get_cipher_by_char to CBS. | doug | 2 | -4/+16
ok miod@ jsing@
2015-07-14 | Convert ssl3_get_client_certificate to CBS. | doug | 2 | -30/+38
ok miod@ jsing@
2015-07-14 | Convert ssl3_get_finished to CBS. | doug | 2 | -12/+18
ok miod@ jsing@