root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/crypto
History
Neil Horman d521c94e7b Fix NULL pointer deref when parsing the stable section 
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min

Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value.  As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.

Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)

(cherry picked from commit 0981c20f8e)
 		2024-01-12 10:39:06 +01:00
..
aes Copyright year updates 2023-09-19 14:57:48 +02:00
aria
asn1 Fix NULL pointer deref when parsing the stable section 2024-01-12 10:39:06 +01:00
async
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
bio Update copyright year 2023-03-14 12:49:46 +00:00
bn Avoid an infinite loop in BN_GF2m_mod_inv 2023-12-12 16:11:52 +00:00
buffer
camellia
cast Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
chacha Copyright year updates 2023-09-19 14:57:48 +02:00
cmac Update copyright year 2022-06-21 14:03:39 +01:00
cmp Copyright year updates 2023-09-19 14:57:48 +02:00
cms Allow duplicate CMS attributes 2024-01-03 12:46:16 +01:00
comp
conf Detect and prevent recursive config parsing 2023-12-22 11:37:06 +01:00
crmf Fix the check of EVP_PKEY_decrypt_init 2022-12-05 13:05:43 +01:00
ct Update copyright year 2022-06-21 14:03:39 +01:00
des Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
dh Make DH_check_pub_key() and DH_generate_key() safer yet 2023-11-06 07:53:22 +00:00
dsa Copyright year updates 2023-10-24 14:40:29 +01:00
dso Update copyright year 2022-12-01 12:47:05 +01:00
ec Copyright year updates 2023-09-19 14:57:48 +02:00
encode_decode Copyright year updates 2023-09-19 14:57:48 +02:00
engine Copyright year updates 2023-10-24 14:40:29 +01:00
err Detect and prevent recursive config parsing 2023-12-22 11:37:06 +01:00
ess
evp Fix partial block encryption in cfb and ofb for s390x (legacy) 2024-01-12 10:35:46 +01:00
ffc DH_check_pub_key() should not fail when setting result code 2023-10-11 16:22:55 +02:00
hmac
http Fix some invalid use of sscanf 2023-12-12 16:13:01 +00:00
idea Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
kdf
lhash Copyright year updates 2023-10-24 14:40:29 +01:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
md5 Enable BTI feature for md5 on aarch64 2023-12-13 10:45:15 +01:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
modes aes-gcm-avx512.pl: fix non-reproducibility issue 2023-10-26 15:28:11 +01:00
objects ensure that ossl_obj_nid_lock is allocated before use 2023-10-18 16:53:14 +02:00
ocsp Update copyright year 2023-03-14 12:49:46 +00:00
pem Copyright year updates 2023-09-19 14:57:48 +02:00
perlasm x86_64-xlate.pl: Fix build with icx and nvc compilers 2023-11-24 17:22:25 +01:00
pkcs7 Fix possible memleak in PKCS7_add0_attrib_signing_time 2023-11-22 09:54:35 +01:00
pkcs12 Copyright year updates 2023-09-19 14:57:48 +02:00
poly1305 poly1305-ppc.pl: Fix vector register clobbering 2024-01-09 15:46:39 +01:00
property Add overflow checks to parse_number/parse_hex/parse_oct 2023-12-07 12:21:52 -05:00
rand Copyright year updates 2023-10-24 14:40:29 +01:00
rc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
rc4 Set RC4 defines on libcrypto/liblegacy 2023-06-10 13:01:58 +02:00
rc5 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
rsa Limit RSA-OAEP related functions to RSA keys only 2023-12-29 10:42:26 +01:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
sha Copyright year updates 2023-09-19 14:57:48 +02:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-11-23 18:21:47 +01:00
sm2 Update copyright year 2023-05-30 14:11:01 +02:00
sm3 Copyright year updates 2023-08-01 14:35:30 +01:00
sm4 Use armv8 .quad instead of .dword 2023-09-05 13:35:27 +02:00
srp Copyright year updates 2023-09-19 14:57:48 +02:00
stack Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO 2022-10-21 18:03:37 +02:00
store Copyright year updates 2023-09-19 14:57:48 +02:00
ts Update copyright year 2022-12-01 12:47:05 +01:00
txt_db Update copyright year 2022-12-01 12:47:05 +01:00
ui Update copyright year 2023-05-30 14:11:01 +02:00
whrlpool Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:59 +11:00
x509 Fix a similar memory leak in SXNET_add_id_INTEGER 2024-01-10 18:16:19 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-08-01 14:35:30 +01:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
README-sparse_array.md
alphacpuid.pl
arm64cpuid.pl Update copyright year 2022-12-01 12:47:05 +01:00
arm_arch.h Copyright year updates 2023-09-19 14:57:48 +02:00
armcap.c Backport crypto/armcap.c from master branch 2023-08-01 19:12:33 +02:00
armv4cpuid.pl Copyright year updates 2023-09-19 14:57:48 +02:00
asn1_dsa.c
bsearch.c
build.info Do not include sparse_array.o in libssl 2023-09-22 20:42:31 +02:00
c64xpluscpuid.pl
context.c Update copyright year 2023-05-30 14:11:01 +02:00
core_algorithm.c "Reserve" the method store when constructing methods 2022-07-20 07:29:23 +01:00
core_fetch.c "Reserve" the method store when constructing methods 2022-07-20 07:29:23 +01:00
core_namemap.c Copyright year updates 2023-08-01 14:35:30 +01:00
cpt_err.c err: add additional errors 2022-11-09 15:30:52 +01:00
cpuid.c Update copyright year 2022-12-01 12:47:05 +01:00
cryptlib.c Update copyright year 2022-12-01 12:47:05 +01:00
ctype.c
cversion.c
der_writer.c Update copyright year 2022-07-05 10:33:12 +02:00
dllmain.c Update copyright year 2022-12-01 12:47:05 +01:00
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:46:01 +02:00
getenv.c Update copyright year 2022-12-01 12:47:05 +01:00
ia64cpuid.S
info.c Update copyright year 2023-03-14 12:49:46 +00:00
init.c Move e_os.h to include/internal 2022-11-11 10:03:45 +01:00
initthread.c Copyright year updates 2023-10-24 14:40:29 +01:00
loongarch64cpuid.pl Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-11-23 18:21:53 +01:00
loongarch_arch.h Resolve assembler complains when including loongarch_arch.h 2023-08-28 09:59:59 +02:00
loongarchcap.c Copyright year updates 2023-08-01 14:35:30 +01:00
mem.c Windows: use srand() instead of srandom() 2023-10-13 15:08:11 +02:00
mem_clr.c
mem_sec.c Add locking to CRYPTO_secure_used 2023-12-01 09:42:13 -05:00
mips_arch.h
o_dir.c Update copyright year 2022-12-01 12:47:05 +01:00
o_fopen.c Update copyright year 2022-12-01 12:47:05 +01:00
o_init.c Update copyright year 2022-12-01 12:47:05 +01:00
o_str.c Move e_os.h to include/internal 2022-11-11 10:03:45 +01:00
o_time.c
packet.c Update copyright year 2022-10-11 13:20:27 +01:00
param_build.c ossl-params: check length returned by strlen() 2023-12-12 19:58:38 +01:00
param_build_set.c Copyright year updates 2023-10-24 14:40:29 +01:00
params.c crypto/params: drop float for UEFI 2023-06-14 16:04:50 +02:00
params_dup.c param dup: add errors to failure returns 2022-11-09 15:31:22 +01:00
params_from_text.c
pariscid.pl
passphrase.c
ppccap.c Update copyright year 2022-12-01 12:47:05 +01:00
ppccpuid.pl Update copyright year 2022-12-01 12:47:05 +01:00
provider.c
provider_child.c Update copyright year 2023-03-14 12:49:46 +00:00
provider_conf.c Detect and prevent recursive config parsing 2023-12-22 11:37:06 +01:00
provider_core.c After initializing a provider, check if its output dispatch table is NULL 2023-12-04 15:16:46 +01:00
provider_local.h
provider_predefined.c
punycode.c Update copyright year 2022-12-01 12:47:05 +01:00
riscv32cpuid.pl Add RISC-V 32 cpuid support 2022-11-23 18:21:43 +01:00
riscv64cpuid.pl Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-11-21 10:49:52 +01:00
riscvcap.c Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-11-21 10:49:52 +01:00
s390x_arch.h
s390xcap.c Copyright year updates 2023-08-01 14:35:30 +01:00
s390xcpuid.pl
self_test_core.c Update copyright year 2022-12-01 12:47:05 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c Coverity 1507376: Dereference after null check 2022-07-22 14:42:44 +02:00
threads_lib.c Update copyright year 2022-12-21 11:17:29 +01:00
threads_none.c
threads_pthread.c Copyright year updates 2023-09-19 14:57:48 +02:00
threads_win.c Update copyright year 2023-05-30 14:11:01 +02:00
trace.c Update copyright year 2023-03-14 12:49:46 +00:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl