kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,431 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
b3a7b51f18
Go to file
David Benjamin b3a7b51f18 Fix off-by-one in BN_rand 
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur.

See also upstream's efee575ad464bfb60bf72dcb73f9b51768f4b1a1. But rather than
making |BN_rand| fail, be consistent with the |bits| = 0 case and just don't
set the bits that don't exist. Add tests to ensure the degenerate cases behave.

Change-Id: I5e9fbe6fd8f7f7b2e011a680f2fbe6d7ed4dab65
Reviewed-on: https://boringssl-review.googlesource.com/4893
Reviewed-by: Adam Langley <agl@google.com>
2015-05-27 22:03:05 +00:00
crypto Fix off-by-one in BN_rand 2015-05-27 22:03:05 +00:00
decrepit Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00
doc Inital import. 2014-06-20 13:17:32 -07:00
include/openssl Fix off-by-one in BN_rand 2015-05-27 22:03:05 +00:00
ssl Release handshake buffer when sending no certificate. 2015-05-27 21:54:30 +00:00
tool Revert "tool: we don't need -lrt." 2015-05-27 19:21:43 +00:00
util Add malloc test support to unit tests. 2015-05-21 17:59:48 +00:00
.clang-format Inital import. 2014-06-20 13:17:32 -07:00
.gitignore Add generated documentation to .gitignore 2015-01-26 18:37:55 +00:00
BUILDING Add support for building with the Android NDK. 2015-05-05 00:31:46 +00:00
CMakeLists.txt Add infrastructure for reference counts. 2015-05-20 19:14:59 +00:00
codereview.settings Add a codereview.settings file. 2014-11-18 22:21:33 +00:00
LICENSE Add LICENSE file. 2015-05-20 17:44:57 +00:00
STYLE Require that FOO_free functions do nothing on NULL. 2015-05-04 22:58:13 +00:00