[openssl-commits] Errored: openssl/openssl#8453 (master - bd5d27c)
builds at travis-ci.org
Sat Feb 11 06:52:59 UTC 2017
Build Update for openssl/openssl
Duration: 20 minutes and 18 seconds
Commit: bd5d27c (master)
Author: David Benjamin
Message: Don't read uninitialised data for short session IDs.
While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes
from an |SSL_SESSION|'s |session_id| array, the hash function would do
so with without considering if all those bytes had been written to.
This change checks |session_id_length| before possibly reading
uninitialised memory. Since the result of the hash function was already
attacker controlled, and since a lookup of a short session ID will
always fail, it doesn't appear that this is anything more than a clean
In particular, |ssl_get_prev_session| uses a stack-allocated placeholder
|SSL_SESSION| as a lookup key, so the |session_id| array may be
This was originally found with libFuzzer and MSan in
then by Robert Swiecki with honggfuzz and MSan here. Thanks to both.
Reviewed-by: Geoff Thorpe <geoff at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2583)
View the changeset: https://github.com/openssl/openssl/compare/76e624a003db...bd5d27c1c6d3
View the full build log and details: https://travis-ci.org/openssl/openssl/builds/200194893
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-commits