Check for potentially exploitable overflows in asn1_d2i_read_bio

BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
author: Dr. Stephen Henson <steve@openssl.org> 2012-04-19 11:36:09 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-04-19 11:36:09 +0000
commit: 556e27b14f652fa39daa1148035e22b62525df15 (patch)
tree: 48b7d7f9173deef46edd5d1d53e62ccc04e52972 /CHANGES
parent: af0c009d70ff28f6e90cc37da4b2987d5cbbbadb (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index b3424e898e..a2275713fb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,14 @@
 
  Changes between 0.9.8u and 0.9.8v [xx XXX xxxx]
 
-  *)
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
 
  Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
author	Dr. Stephen Henson <steve@openssl.org>	2012-04-19 11:36:09 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-04-19 11:36:09 +0000
commit	556e27b14f652fa39daa1148035e22b62525df15 (patch)
tree	48b7d7f9173deef46edd5d1d53e62ccc04e52972 /CHANGES
parent	af0c009d70ff28f6e90cc37da4b2987d5cbbbadb (diff)