diff options
115 files changed, 805 insertions, 508 deletions
@@ -315,6 +315,91 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.6h and 0.9.7 [XX xxx 2002] + *) Introduce safe string copy and catenation functions + (BUF_strlcpy() and BUF_strlcat()). + [Ben Laurie (CHATS) and Richard Levitte] + + *) Avoid using fixed-size buffers for one-line DNs. + [Ben Laurie (CHATS)] + + *) Add BUF_MEM_grow_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Avoid using fixed size buffers for configuration file location. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation for various CA files. + [Ben Laurie (CHATS)] + + *) Use sizeof in preference to magic numbers. + [Ben Laurie (CHATS)] + + *) Avoid filename truncation in cert requests. + [Ben Laurie (CHATS)] + + *) New OPENSSL_assert() macro (similar to assert(), but enabled + unconditionally). + [Ben Laurie (CHATS)] + + *) Add assertions to check for (supposedly impossible) buffer + overflows. + [Ben Laurie (CHATS)] + + *) Don't cache truncated DNS entries in the local cache (this could + potentially lead to a spoofing attack). + [Ben Laurie (CHATS)] + + *) Fix various buffers to be large enough for hex/decimal + representations in a platform independent manner. + [Ben Laurie (CHATS)] + + *) Add CRYPTO_realloc_clean() to avoid information leakage when + resizing buffers containing secrets, and use where appropriate. + [Ben Laurie (CHATS)] + + *) Add BIO_indent() to avoid much slightly worrying code to do + indents. + [Ben Laurie (CHATS)] + + *) Convert sprintf()/BIO_puts() to BIO_printf(). + [Ben Laurie (CHATS)] + + *) buffer_gets() could terminate with the buffer only half + full. Fixed. + [Ben Laurie (CHATS)] + + *) Add assertions to prevent user-supplied crypto functions from + overflowing internal buffers by having large block sizes, etc. + [Ben Laurie (CHATS)] + + *) Eliminate unused copy of key in RC4. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized buffers for IV in pem.h. + [Ben Laurie (CHATS)] + + *) Fix off-by-one error in EGD path. + [Ben Laurie (CHATS)] + + *) If RANDFILE path is too long, ignore instead of truncating. + [Ben Laurie (CHATS)] + + *) Eliminate unused and incorrectly sized X.509 structure + CBCParameter. + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous function knumber(). + [Ben Laurie (CHATS)] + + *) Eliminate unused and dangerous structure, KSSL_ERR. + [Ben Laurie (CHATS)] + + *) Protect against overlong session ID context length in an encoded + session object. Since these are local, this does not appear to be + exploitable. + [Ben Laurie (CHATS)] + *) Change from security patch (see 0.9.6e below) that did not affect the 0.9.6 release series: diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 01346531e3..f1a4ad0fde 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -852,31 +852,32 @@ rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h rand.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h rand.o: ../include/openssl/x509_vfy.h apps.h rand.c -req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h -req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h -req.o: ../include/openssl/bn.h ../include/openssl/buffer.h -req.o: ../include/openssl/cast.h ../include/openssl/conf.h -req.o: ../include/openssl/crypto.h ../include/openssl/des.h -req.o: ../include/openssl/des_old.h ../include/openssl/dh.h -req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -req.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -req.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -req.o: ../include/openssl/err.h ../include/openssl/evp.h -req.o: ../include/openssl/idea.h ../include/openssl/lhash.h -req.o: ../include/openssl/md2.h ../include/openssl/md4.h -req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h -req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rc2.h -req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h -req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h +req.o: ../include/openssl/asn1.h ../include/openssl/bio.h +req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h +req.o: ../include/openssl/buffer.h ../include/openssl/cast.h +req.o: ../include/openssl/conf.h ../include/openssl/crypto.h +req.o: ../include/openssl/des.h ../include/openssl/des_old.h +req.o: ../include/openssl/dh.h ../include/openssl/dsa.h +req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +req.o: ../include/openssl/engine.h ../include/openssl/err.h +req.o: ../include/openssl/evp.h ../include/openssl/idea.h +req.o: ../include/openssl/lhash.h ../include/openssl/md2.h +req.o: ../include/openssl/md4.h ../include/openssl/md5.h +req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +req.o: ../include/openssl/pem.h ../include/openssl/pem2.h +req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +req.o: ../include/openssl/sha.h ../include/openssl/stack.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h diff --git a/apps/apps.c b/apps/apps.c index be7a80acb8..305227d7ab 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -337,8 +337,7 @@ void program_name(char *in, char *out, int size) p++; else p=in; - strncpy(out,p,size-1); - out[size-1]='\0'; + BUF_strlcpy(out,p,size); } #endif #endif @@ -447,16 +446,20 @@ int app_init(long mesgwin) int dump_cert_text (BIO *out, X509 *x) { - char buf[256]; - X5 |