[openssl/openssl] 558eb2: SSL_set1_groups_list(): Fix memory corruption with...

Hamilton Chapman noreply at github.com
Sun Feb 25 10:04:21 UTC 2024 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 558eb2e63fe2c57196e5781e0142e5b3e8a8efef
      https://github.com/openssl/openssl/commit/558eb2e63fe2c57196e5781e0142e5b3e8a8efef
  Author: Michael Baentsch <57787676+baentsch at users.noreply.github.com>
  Date:   2024-02-22 (Thu, 22 Feb 2024)

  Changed paths:
    M ssl/t1_lib.c
    M test/sslapitest.c
    M test/tls-provider.c

  Log Message:
  -----------
  SSL_set1_groups_list(): Fix memory corruption with 40 groups and more

Fixes #23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
(Merged from https://github.com/openssl/openssl/pull/23659)


  Commit: 662d72c2aeac49d6fe06026e87cac45b28c60cf4
      https://github.com/openssl/openssl/commit/662d72c2aeac49d6fe06026e87cac45b28c60cf4
  Author: Hamilton Chapman <hamchapman at gmail.com>
  Date:   2024-02-25 (Sun, 25 Feb 2024)

  Changed paths:
    M Configurations/15-ios.conf
    M Configurations/unix-Makefile.tmpl

  Log Message:
  -----------
  Ensure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile.

If a user's `make` command came from a path that contained a space then both the
`$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS)
would not be properly quoted and the build would fail.

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23663)

(cherry picked from commit aba621934696ca52193bd41cd35816649b6b321b)


Compare: https://github.com/openssl/openssl/compare/76d32595e43a...662d72c2aeac

To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list