[openssl-commits] Errored: openssl/openssl#8453 (master - bd5d27c)
Travis CI
builds at travis-ci.org
Sat Feb 11 06:52:59 UTC 2017
Build Update for openssl/openssl
-------------------------------------
Build: #8453
Status: Errored
Duration: 20 minutes and 18 seconds
Commit: bd5d27c (master)
Author: David Benjamin
Message: Don't read uninitialised data for short session IDs.
While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes
from an |SSL_SESSION|'s |session_id| array, the hash function would do
so with without considering if all those bytes had been written to.
This change checks |session_id_length| before possibly reading
uninitialised memory. Since the result of the hash function was already
attacker controlled, and since a lookup of a short session ID will
always fail, it doesn't appear that this is anything more than a clean
up.
In particular, |ssl_get_prev_session| uses a stack-allocated placeholder
|SSL_SESSION| as a lookup key, so the |session_id| array may be
uninitialised.
This was originally found with libFuzzer and MSan in
https://boringssl.googlesource.com/boringssl/+/e976e4349d693b4bbb97e1694f45be5a1b22c8c7,
then by Robert Swiecki with honggfuzz and MSan here. Thanks to both.
Reviewed-by: Geoff Thorpe <geoff at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2583)
View the changeset: https://github.com/openssl/openssl/compare/76e624a003db...bd5d27c1c6d3
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/200194893
--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20170211/a41a1c0c/attachment-0001.html>
More information about the openssl-commits
mailing list