Open Source and information security mailing list archives
 
Date: Thu, 19 Apr 2012 10:32:01 -0400
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: incorrect integer conversions in OpenSSL can result in memory corruption.

On Thu, 19 Apr 2012 12:35:22 +0200
Tavis Ormandy <taviso@...xchg8b.com> wrote:

> All versions of OpenSSL on all platforms up to and including version
> 1.0.1 are affected.

[snip]

> BUF_MEM_grow_clean accepts a size_t, but the subroutine it uses to
> handle the allocation only accepts a 32bit signed integer.

Correct me if I am wrong, but shouldn't this only be a problem on
systems where a size_t is wider than an int, i.e. not on 32-bit systems?

-- Ben

-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
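
Added example (not part of the original message and not OpenSSL's code): a C sketch of the narrowing discussed in this thread, showing what a 32-bit signed size parameter receives for lengths that fit in a 32-bit size_t and for a length that needs a 64-bit size_t, next to a range check done before the call. The names alloc_int, as_seen_by_callee and grow_checked are hypothetical, and the wrap-around modelled is the usual two's-complement behaviour, which is an assumption about the platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an allocation routine whose size parameter is a
 * 32-bit signed int; a value <= 0 is rejected here. */
static void *alloc_int(int32_t n) {
    return n > 0 ? malloc((size_t)n) : NULL;
}

/* Value a 32-bit signed parameter receives when handed `len`, assuming the
 * usual two's-complement behaviour (low 32 bits reinterpreted as signed).
 * Computed arithmetically so the result does not depend on the compiler. */
static int32_t as_seen_by_callee(uint64_t len) {
    uint32_t low = (uint32_t)(len & 0xFFFFFFFFu);
    if (low <= (uint32_t)INT32_MAX)
        return (int32_t)low;
    return (int32_t)((int64_t)low - 4294967296LL);
}

/* Range check before narrowing: refuse any length an int32_t cannot hold. */
static void *grow_checked(size_t len) {
    if (len == 0 || len > (size_t)INT32_MAX)
        return NULL;
    return alloc_int((int32_t)len);
}

int main(void) {
    /* Constructed sample lengths. The first three fit in a 32-bit size_t;
     * the last needs a 64-bit size_t. */
    const uint64_t samples[] = { 1000u, 0x80000000u, 0xFFFFFFFFu, 0x100000010ull };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("requested 0x%llx -> callee sees %d\n",
               (unsigned long long)samples[i], (int)as_seen_by_callee(samples[i]));
    void *p = grow_checked(64);
    printf("checked 64: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```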