git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit - CHANGES

projects / thirdparty / openssl.git / commit

author	Emilia Kasper <emilia@openssl.org>
	Wed, 2 Sep 2015 13:31:28 +0000 (15:31 +0200)
committer	Emilia Kasper <emilia@openssl.org>
	Thu, 17 Sep 2015 17:48:14 +0000 (19:48 +0200)
commit	3cdd1e94b1d71f2ce3002738f9506da91fe2af45
tree	0fc97f2792ce196b5486448aed1b2642a19bca21	tree \| snapshot
parent	4bd16463b84efb13ce5fb35add284e284b0fd819	commit \| diff

RT3757: base64 encoding bugs

Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>

CHANGES		diff \| blob \| blame \| history
crypto/evp/encode.c		diff \| blob \| blame \| history
test/evp_test.c		diff \| blob \| blame \| history
test/evptests.txt		diff \| blob \| blame \| history

A mirror of the official openssl repository

RSS Atom