[openssl-commits] Errored: openssl/openssl#8453 (master - bd5d27c)

Travis CI builds at travis-ci.org
Sat Feb 11 06:52:59 UTC 2017

Build Update for openssl/openssl

Build: #8453
Status: Errored

Duration: 20 minutes and 18 seconds
Commit: bd5d27c (master)
Author: David Benjamin
Message: Don't read uninitialised data for short session IDs.

While it's always safe to read |SSL_MAX_SSL_SESSION_ID_LENGTH| bytes
from an |SSL_SESSION|'s |session_id| array, the hash function would do
so with without considering if all those bytes had been written to.

This change checks |session_id_length| before possibly reading
uninitialised memory. Since the result of the hash function was already
attacker controlled, and since a lookup of a short session ID will
always fail, it doesn't appear that this is anything more than a clean

In particular, |ssl_get_prev_session| uses a stack-allocated placeholder
|SSL_SESSION| as a lookup key, so the |session_id| array may be

This was originally found with libFuzzer and MSan in
then by Robert Swiecki with honggfuzz and MSan here. Thanks to both.

Reviewed-by: Geoff Thorpe <geoff at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2583)

View the changeset: https://github.com/openssl/openssl/compare/76e624a003db...bd5d27c1c6d3

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/200194893


You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20170211/a41a1c0c/attachment-0001.html>

More information about the openssl-commits mailing list