author: Bodo Möller <bodo@openssl.org> 2008-09-14 13:42:34 +0000
committer: Bodo Möller <bodo@openssl.org> 2008-09-14 13:42:34 +0000
commit: f8d6be3f8170c4aa3bea1618994f912629f3d0c3
tree: 18c4c5d270339284cc408289fff7cbf6994b6163 /CHANGES
parent: d493899579429374026bc11c60859d5af9c2a0dc
Some precautions to avoid potential security-relevant problems.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 16
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index f7427dd0ea..b9a6d83641 100644
--- a/CHANGES
+++ b/CHANGES
@@ -705,6 +705,22 @@
Changes between 0.9.8h and 0.9.8i [xx XXX xxxx]
+ *) Various precautionary measures:
+
+ - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+ - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+ (NB: This would require knowledge of the secret session ticket key
+ to exploit, in which case you'd be SOL either way.)
+
+ - Change bn_nist.c so that it will properly handle input BIGNUMs
+ outside the expected range.
+
+ - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+ builds.
+
+ [Neel Mehta, Bodo Moeller]
+
*) Add support for Local Machine Keyset attribute in PKCS#12 files.
[Steve Henson]
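Review bot: The BN_div() bullet at the end of the new entry says the 'num' check is now enforced in non-BN_DEBUG builds, but it does not say what the check tests or how a failure is reported, so a caller reading CHANGES cannot tell whether this is a behaviour change for them; state the condition and the resulting return value. The HASH_UPDATE and bn_nist.c bullets have the same gap: each names the file but not the input that triggers the problem (which length values, which BIGNUM range), and the commit message calls these "potential security-relevant problems" without the entry saying which of the four are reachable from untrusted input. In the d2i_SSL_SESSION() note, replace "SOL" with a plain statement of what holding the session ticket key already allows, so the reasoning for the low severity is explicit.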