Google Git
Sign in
chromium / chromiumos / third_party / openssl / refs/heads/factory-2268.16.B
commitf0d9d5444631cf260a0913408deab348f19a89b9[log] [tgz]
authorGaurav Shah <gauravsh@chromium.org>Fri Apr 27 22:10:49 2012
committerGaurav Shah <gauravsh@chromium.org>Fri Apr 27 22:10:49 2012
tree0ca828ea0c1387b6983ec0f66a3fbb0044356502
parentd21ee11b35a410dc687261bfc837822755e715ff [diff]
BACKPORT: Apply fix for CVE-2012-2131

Fix is from http://cvs.openssl.org/chngview?cn=22479

The previous fix for CVE-2012-221 did not handle the 'len' argument to
BUF_MEM_grow and BUF_MEM_grow_clean being negative. This patch fixes that
by rejecting a negative len parameter.

BUG=chromium-os:30134
TEST=patched; emerge-amd64-generic openssl;
     chroot /build/amd64-generic/ /usr/bin/curl -Iv https://encrypted.google.com;
     chroot /build/amd64-generic/ /usr/bin/openssl s_client -connect encrypted.google.com:443 -debug;
     Outside the chroot:
        make all && make tests

Change-Id: I4a45d21c4fdf611d52be7c12e5f623e9771394f1
1 file changed
tree: 0ca828ea0c1387b6983ec0f66a3fbb0044356502
  1. apps/
  2. bugs/
  3. certs/
  4. crypto/
  5. demos/
  6. doc/
  7. engines/
  8. fips/
  9. include/
  10. MacOS/
  11. ms/
  12. Netware/
  13. os2/
  14. shlib/
  15. ssl/
  16. test/
  17. times/
  18. tools/
  19. util/
  20. VMS/
  21. ACKNOWLEDGMENTS
  22. CHANGES
  23. CHANGES.SSLeay
  24. config
  25. Configure
  26. e_os.h
  27. e_os2.h
  28. FAQ
  29. INSTALL
  30. install.com
  31. INSTALL.DJGPP
  32. INSTALL.MacOS
  33. INSTALL.NW
  34. INSTALL.OS2
  35. INSTALL.VMS
  36. INSTALL.W32
  37. INSTALL.W64
  38. INSTALL.WCE
  39. LICENSE
  40. Makefile
  41. Makefile.org
  42. Makefile.shared
  43. makevms.com
  44. NEWS
  45. openssl.doxy
  46. openssl.spec
  47. PROBLEMS
  48. README
  49. README.ASN1
  50. README.ENGINE