[openssl-commits] Errored: openssl/openssl#8072 (OpenSSL_1_1_0-stable - c088325)

Travis CI builds at travis-ci.org
Wed Jan 25 06:32:43 UTC 2017


Build Update for openssl/openssl
-------------------------------------

Build: #8072
Status: Errored

Duration: 1 hour, 12 minutes, and 41 seconds
Commit: c088325 (OpenSSL_1_1_0-stable)
Author: Matt Caswell
Message: Fix SSL_get0_raw_cipherlist()

SSL_get0_raw_cipherlist() was a little too "raw" in the case of an SSLv2
compat ClientHello. In 1.0.2 and below, during version negotiation, if
we received an SSLv2 compat ClientHello but actually wanted to do SSLv3+
then we would construct a "fake" SSLv3+ ClientHello. This "fake" ClientHello
would have its ciphersuite list converted to the SSLv3+ format. It was
this "fake" raw list that got saved away to later be returned by a call to
SSL_get0_raw_cipherlist().

In 1.1.0+ version negotiation works differently and we process an SSLv2
compat ClientHello directly without the need for an intermediary "fake"
ClientHello. This meant that the raw ciphersuite list being saved was in
the SSLv2 format. Any caller of this function would not expect that and
potentially overread the returned buffer by one byte.

Fixes #2189

Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2280)
(cherry picked from commit 07afdf3c3ac97af4f2b4eec22a97f7230f8227e0)

View the changeset: https://github.com/openssl/openssl/compare/0de0fb887b46...c088325b42ce

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/194835714

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20170125/14cec6ba/attachment.html>


More information about the openssl-commits mailing list