kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3831173740
boringssl/ssl
History
Adam Langley 3831173740 Fix memory leak when decoding corrupt tickets. 
This is CVE-2014-3567 from upstream. See
https://www.openssl.org/news/secadv_20141015.txt

Change-Id: I9aad422bf1b8055cb251c7ff9346cf47a448a815
Reviewed-on: https://boringssl-review.googlesource.com/1970
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-10-20 19:05:48 +00:00
..
pqueue Add a CRYPTO_library_init and static-initializer-less build option. 2014-09-12 00:10:53 +00:00
test Fix memory leak when decoding corrupt tickets. 2014-10-20 19:05:48 +00:00
CMakeLists.txt Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
d1_both.c Fix minor issues found by Clang's analysis. 2014-09-02 22:39:41 +00:00
d1_clnt.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
d1_enc.c Prune some dead quirks and document the SSL_OP_ALL ones. 2014-09-03 20:17:45 +00:00
d1_lib.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_meth.c Inital import. 2014-06-20 13:17:32 -07:00
d1_pkt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
d1_srtp.c Don't compare signed vs. unsigned. 2014-10-01 02:17:38 +00:00
d1_srvr.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
s3_both.c Prune some dead quirks and document the SSL_OP_ALL ones. 2014-09-03 20:17:45 +00:00
s3_cbc.c Prune some dead quirks and document the SSL_OP_ALL ones. 2014-09-03 20:17:45 +00:00
s3_clnt.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_enc.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s3_lib.c Don't compare signed vs. unsigned. 2014-10-01 02:17:38 +00:00
s3_meth.c Merge the get_ssl_method hooks between TLS and SSLv3. 2014-09-30 22:58:59 +00:00
s3_pkt.c Don't compare signed vs. unsigned. 2014-10-01 02:17:38 +00:00
s3_srvr.c Remove SSL_get_shared_ciphers. 2014-10-01 18:59:14 +00:00
s23_clnt.c Handle session resumption in SSLv23_client_method. 2014-09-25 22:04:20 +00:00
s23_lib.c Remove default_timeout hook. 2014-08-18 17:25:20 +00:00
s23_meth.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
s23_pkt.c Inital import. 2014-06-20 13:17:32 -07:00
s23_srvr.c Remove Suite B mode. 2014-08-14 22:00:16 +00:00
ssl_algs.c Remove indirection in loading ciphers. 2014-09-15 21:06:10 +00:00
ssl_asn1.c Client-side OCSP stapling support. 2014-08-29 00:39:33 +00:00
ssl_cert.c Don't compare signed vs. unsigned. 2014-10-01 02:17:38 +00:00
ssl_ciph.c Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL. 2014-09-30 22:59:23 +00:00
ssl_error.c Add missing errors codes for alerts. 2014-09-17 16:42:14 +00:00
ssl_lib.c Remove SSL_get_shared_ciphers. 2014-10-01 18:59:14 +00:00
ssl_locl.h Split tls1_check_ec_key. 2014-09-30 22:57:53 +00:00
ssl_rsa.c Prune removed key types from SSL_PKEY_*. 2014-08-20 02:15:32 +00:00
ssl_sess.c Remove SSL_get_shared_ciphers. 2014-10-01 18:59:14 +00:00
ssl_stat.c unifdef a bunch of OPENSSL_NO_* ifdefs. 2014-08-28 00:41:34 +00:00
ssl_test.c Disallow all special operators once groups are used. 2014-09-22 17:22:56 +00:00
ssl_txt.c Remove SSL_OP_CISCO_ANYCONNECT. 2014-08-18 17:57:01 +00:00
t1_enc.c Fix switching between AEAD and non-AEAD in a renegotiation. 2014-10-20 19:05:23 +00:00
t1_lib.c Fix memory leak when decoding corrupt tickets. 2014-10-20 19:05:48 +00:00
t1_reneg.c Port ssl3_get_client_hello to CBS. 2014-07-15 18:30:09 +00:00