kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,501 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
d87021d246
Go to file
David Benjamin d87021d246 Fix length checks in X509_cmp_time to avoid out-of-bounds reads. 
Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

(Imported from upstream's 9bc3665ac9e3c36f7762acd3691e1115d250b030)

Change-Id: I2091b2d1b691c177d58dc7960e2e7eb4c97b1f69
Reviewed-on: https://boringssl-review.googlesource.com/5124
Reviewed-by: Adam Langley <agl@google.com>
2015-06-16 19:07:15 +00:00
crypto Fix length checks in X509_cmp_time to avoid out-of-bounds reads. 2015-06-16 19:07:15 +00:00
decrepit Eliminate unnecessary includes from low-level crypto modules. 2015-04-13 20:49:18 +00:00
doc
include/openssl Duplicate SSL_SESSIONs when renewing them. 2015-06-16 18:15:12 +00:00
ssl Raise SIGTRAP rather than abort on failure. 2015-06-16 18:25:30 +00:00
tool Include base.h in tool/internal.h. 2015-06-08 14:52:13 -07:00
util Output test configs for Bazel builds. 2015-06-16 18:07:58 +00:00
.clang-format
.gitignore Add generated documentation to .gitignore 2015-01-26 18:37:55 +00:00
BUILDING Add support for building with the Android NDK. 2015-05-05 00:31:46 +00:00
CMakeLists.txt Allow compilation for armv6 2015-06-02 18:16:13 +00:00
codereview.settings Add a codereview.settings file. 2014-11-18 22:21:33 +00:00
LICENSE Add LICENSE file. 2015-05-20 17:44:57 +00:00
STYLE Require that FOO_free functions do nothing on NULL. 2015-05-04 22:58:13 +00:00