Errored: openssl/openssl#33483 (master - fd03868)

Travis CI builds at travis-ci.org
Mon Mar 30 15:39:33 UTC 2020 

Build Update for openssl/openssl
-------------------------------------

Build: #33483
Status: Errored

Duration: 59 mins and 23 secs
Commit: fd03868 (master)
Author: Nicola Tuveri
Message: Fix off-by-1 bug on provider_activate with custom error strings

Starting `cnt` from 1 would work if we weren't using cnt itself to
access elements of the array returned calling the provider callback.

As it is before this commit, we have 2 problems:
- first, in the unlikely case that the incoming array was "empty" (only
  contains the terminator item) we would skip past it and potentially
  end up with oob reads;
- otherwise, at the end of the while loop, `cnt` will be equal to the
  number of items in the input array, not 1 more. We then add 1 more to
  the zalloc call to account for the library name item, and we fill all
  of it (relying on zalloc to have zeroed the terminator item).
  The first read access that will read the list up to the terminator
  will result in a OOB read as we did not allocate enough space to also
  contain the terminator.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11427)

View the changeset: https://github.com/openssl/openssl/compare/e15d369781eb...fd03868b34fa

View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/668778614?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20200330/01b5a698/attachment-0001.html>

More information about the openssl-commits mailing list