[openssl-commits] Errored: openssl/openssl#2446 (master - 5f57abe)

Travis CI builds at travis-ci.org
Fri Mar 4 13:28:17 UTC 2016


Build Update for openssl/openssl
-------------------------------------

Build: #2446
Status: Errored

Duration: 29 minutes and 39 seconds
Commit: 5f57abe (master)
Author: Dr. Stephen Henson
Message: Sanity check PVK file fields.

PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.

Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.

Issue reported by Guido Vranken.

Reviewed-by: Rich Salz <rsalz at openssl.org>

View the changeset: https://github.com/openssl/openssl/compare/0b2fc9286f84...5f57abe2b150

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/113553701

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20160304/0f50f024/attachment.html>


More information about the openssl-commits mailing list