[openssl-commits] Failed: openssl/openssl#4267 (OpenSSL_1_0_2-stable - a004e72)

Travis CI builds at travis-ci.org
Wed Jun 1 13:42:06 UTC 2016


Build Update for openssl/openssl
-------------------------------------

Build: #4267
Status: Failed

Duration: 14 minutes and 7 seconds
Commit: a004e72 (OpenSSL_1_0_2-stable)
Author: Matt Caswell
Message: Avoid some undefined pointer arithmetic

A common idiom in the codebase is:

if (p + len > limit)
{
    return; /* Too long */
}

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz <rsalz at openssl.org>

View the changeset: https://github.com/openssl/openssl/compare/f792c663048f...a004e72b9583

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/134447006

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20160601/0f71f01e/attachment-0001.html>


More information about the openssl-commits mailing list