[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120419103201.014d046b@terabyte>
Date: Thu, 19 Apr 2012 10:32:01 -0400
From: Benjamin Kreuter <ben.kreuter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: incorrect integer conversions in OpenSSL can
result in memory corruption.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Thu, 19 Apr 2012 12:35:22 +0200
Tavis Ormandy <taviso@...xchg8b.com> wrote:
> All versions of OpenSSL on all platforms up to and including version
> 1.0.1 are affected.
[snip]
> BUF_MEM_grow_clean accepts a size_t, but the subroutine it uses to
> handle the allocation only accepts a 32bit signed integer.
Correct me if I am wrong, but shouldn't this only be a problem on
systems where a size_t is wider than an int i.e. not on 32 bit systems?
- -- Ben
- --
Benjamin R Kreuter
UVA Computer Science
brk7bx@...ginia.edu
KK4FJZ
- --
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAEBCgAGBQJPkCHhAAoJEOV0+MnZK9ijbWoQAJC8v+OkmNJexaZdBXj3EVhs
hQR9nAUj1LljJxUA03z4X/eO0qfd+YusRtpt3v8w8Lbc1eULI05/1AVbt9C9pnh4
jX89fw+MjWx35aSUnlPWZTVO7JZspIIY3Khhm+RX0mEy6X2QtFhmrrRDxeedKC8M
CHp6ZXhVVo/mkCrPUg7tN68mufN6nnR5jOHRs/PcsxvfDV4eu5IbvdLYQygg6a6p
fmH2nuBeuvsYFTbWsVB+r2NTREDsNfO0g58B01AqabhyjtwQ5lJQ6mcEmmIalyeI
HDB0pYXIcOpRZpDXWsDXvXrRUNCYBAwBT2g8hguTb64yzTl8ySNfJIKp7jlU+sTb
lFlfGDiXLTFAnBFE8DXszUoE55PqrL4HMQSww6vM5h2gpAatn5r8HyuoUkpniD1m
z/cxULWgDw3YxcM1OnoJVvb+WcPuWlWjtpX4nT/3CYi+vV4TOHhL7yctg9VsEPKL
YuSZ3ZppfKnZe59v2CR+/azy3tDPUtBGSrDKSePXbtmYR5gXKpQX7BrX70mXyCVe
Czf+7q+/qW0dySLjXmiAPtBiyYv/ggdYJJ4DHCZMX6ilPbGI+Tt8A1KJ0mz+o9Uz
rFoYRpVECQio/bnz906B15a2VBXjsZb+DZ3VbHqOVDCNtxV6cHfHIjUs0XSyDPMj
CIcgX/FcVyT1lqHo7NeZ
=3sF/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists