[openssl-dev] [openssl.org #3797] [PATCH] evp: fix memory corruption on absent payload

Fedor Indutny via RT rt at openssl.org
Sat Apr 11 19:06:52 UTC 2015


Special credit to: Etienne Stalmans (SP) <etienne at sensepost.com> for
reporting the segfault in a first place!

On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT <rt at openssl.org>
wrote:

> Hello!
>
> aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD
> payload, but fail to operate if it wasn't supplied. In fact, in case of
> absent payload - `plen` is going to be `NO_PAYLOAD_LENGTH` and the
> memory will be corrupted (which sometimes leads to the crash).
>
> NOTE: 41cf2d2518f8b7f31287984ea9f13bc9d55205dc implicitly fixes this
> in 1.0.2, so this commit could be considered to be a partial back-port
> of that one.
>
> Attached is the suggested patch.
>
> Thank you,
> Fedor.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAABAgAGBQJVKRE0AAoJENcGPM4Zt+iQKKwP/jyRhiNNMy7YVrvHTA/bF02a
> PatvQGulRJvOPw0IzB8YydAsJbrBnYrVx1eniBv+5vjcA/9Tbc3yo0drIZR+um9N
> z0ky4lDmQnIW5JHMhWkw55kEqpnV16rw5AeMfg4aNhFm/5m0tNHyb5Ft9Epu9hh0
> kLV7RGKKmdPP/3FUKtQNictKUAcESZaIJeDeB24XKTOzAuSdPEunfST0tQG6qjtL
> Chj2XrtFDJb+eonjWQmq2RZb67q2qituTOsuqv+e26mgulocnDanrRXetUiTyhDD
> fjBNXBSUHME/xmfD5ffJR/eSnzY/Xzg7E14n4S4ctIPpfZ/3ked86wCj+PC1RGT1
> Xt8lIhWwBzxDGn0161vMpFK59zWdFYBR+V6X0ubCO44F0ZfnExWAtxlr2/YkJyCS
> HYMgJEZEyIp4qt9ubJ3gOFn7r5Dzo+Dc/hi2xmEneISiYvnu5ugjh4cQU/SQxy8c
> GYI1KDbvhz0K/Z/qs/ByaSeYlcE5ZVanbvb8YyqtIAsRklaVzfapssMBMcWUTYcX
> P6lt9sAmC7/wNdXvTMCUZoLS1Gz5HX5rmfdquT82kRWI5VYfN5qwWWwz1nN3VNcb
> kyBf9NX1FJ/7tzQmYPDGNgif09vwPVD0x3q5gA5WYnrP/JZL6JYQpT9gHH7lz7Lv
> pl3+vgsqfHkGs0I+W6Hy
> =GkP4
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>



More information about the openssl-dev mailing list