[openssl/openssl] 9b3219: ssl_cipher_process_rulestr: don't read outside rul...
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 9b3219ba544db82cdad3058b9872058739559944 https://github.com/openssl/openssl/commit/9b3219ba544db82cdad3058b9872058739559944 Author: Todd C. Miller Date: 2022-10-26 (Wed, 26 Oct 2022) Changed paths: M ssl/ssl_ciph.c Log Message: --- ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)
[openssl/openssl] 3efb41: ssl_cipher_process_rulestr: don't read outside rul...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 3efb41c026d7de1442517ba5d49aa60b93c7f124 https://github.com/openssl/openssl/commit/3efb41c026d7de1442517ba5d49aa60b93c7f124 Author: Todd C. Miller Date: 2022-10-26 (Wed, 26 Oct 2022) Changed paths: M ssl/ssl_ciph.c Log Message: --- ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)
[openssl/openssl] 91caaa: ssl_cipher_process_rulestr: don't read outside rul...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: 91caaa3ba3e5db40e13ab7321072ea4cfce188e2 https://github.com/openssl/openssl/commit/91caaa3ba3e5db40e13ab7321072ea4cfce188e2 Author: Todd C. Miller Date: 2022-10-26 (Wed, 26 Oct 2022) Changed paths: M ssl/ssl_ciph.c Log Message: --- ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8)
[openssl/openssl] 428511: ssl_cipher_process_rulestr: don't read outside rul...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 428511ca66670e169a0e1b12e7540714b0be4cf8 https://github.com/openssl/openssl/commit/428511ca66670e169a0e1b12e7540714b0be4cf8 Author: Todd C. Miller Date: 2022-10-26 (Wed, 26 Oct 2022) Changed paths: M ssl/ssl_ciph.c Log Message: --- ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19166)