Hi,
Type: patch
We use the following patch on openSUSE to make sure that openssl
uses non-executable stack by marking the assembler code as
not requiring x-stack.
Ciao, Marcus
--- crypto/perlasm/x86unix.pl
+++ crypto/perlasm/x86unix.pl
@@ -586,6 +586,7 @@
push(@out,$const);
$const=;
}
Our QA found a scenario where openssl req is crashing,
this is tracked in https://bugzilla.novell.com/show_bug.cgi?id=430141
It seems a non-asn1 converted string is passed into ASN1_TYPE_set1.
We applied the patch attached.
Ciao, Marcus
Index: openssl-0.9.8h/crypto/x509/x509_att.c
OCSP_parse_url has a bad sequence of initializing the parameter
returns and buf strdupping + error handling.
If the first error handling triggers, it will access the
3 argument pointers uninitialized memory.
(the goto mem_err; patch will free **pport et.al.)
found by Coverity scanner.
Ciao,
Hi,
NCONF_free(cnf) is again called later when errors are handled,
which would lead to double free of cnf.
Spotted by Coverity checker.
Ciao, Marcus
--- apps/asn1pars.c.xx 2011-05-18 14:40:29.0 +0200
+++ apps/asn1pars.c 2011-05-18 14:40:43.0 +0200
@@ -408,6 +408,7 @@
HI,
apps/engine.c, function setup_engine()
It has return e; on success,
but the code has:
/* Free our structural reference. */
ENGINE_free(e);
}
return e;
ENGINE_free(e) makes e invalid, so returning it is very dangerous.
The return
Hi,
Coverity thinks that in this sequence b-ptr is used
after free and I have to agree:
case BIO_C_SET_SSL:
if (ssl != NULL)
ssl_free(b);// MARCUS: frees also b-ptr
b-shutdown=(int)num;
ssl=(SSL *)ptr;
Hi,
(I am not fully sure I understand it right.)
Coverity thinks dsa_builtin_paramgen() can use portions of seed uninitialized
and I can agree.
If seed_len is 0 but qsize, the memcpy(seed,seed_in,seed_len) does
not trigger, but seed is used, being a uninitialized stack variable.
This would
Hi,
probably not triggers in real life conditions.
also spotted by Coverity, untested.
--- ssl/t1_lib.c.xx 2011-05-18 15:50:08.0 +
+++ ssl/t1_lib.c2011-05-18 15:50:22.0 +
@@ -1714,8 +1714,10 @@
return -1;
}
Hi,
SUSE has received a bugreport from a user, that the padding extension
change breaks IronPort SMTP appliances.
There might a RT on this already, not sure.
https://bugzilla.novell.com/show_bug.cgi?id=875639
On Thu, Jun 12, 2014 at 07:11:24PM +0200, Stephen Henson via RT wrote:
On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote:
Hi,
The Net-SSLeay perl module failed its testsuite after 1.0.1g - 1.0.1h
update.
The code looks like this:
... create more X509 certificate stuff ...
Hi,
I am debugging a testsuite error in the perl Net-SSLeay module, which got
introduced between 1.0.2a
and 1.0.2c.
The test code looks like this:
... private key in $pk ...
ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname(DES-EDE3-OFB),
EVP_get_cipherbyname);
like(my $key_pem4 =
Hi,
apply this patch ...
commit c01f7e9e233e5e5dabd1ec01eb17198b0798e092
Author: Marcus Meissner
Date: Tue Nov 10 16:24:51 2015 +0100
fixed wrong argument to BIO_printf
diff --git a/test/dsatest.c b/test/dsatest.c
index 1f4b837..fe25352 100644
--- a/test/dsatest.c
Hi,
https://github.com/openssl/openssl/pull/466
If you try to run OPENSSL_config twice, it will fail on loading engines.
(We encountered this case with ruby and libzypp both running OPENSSL_config
in the same process.)
Ciao, Marcus
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409
Hi,
In a mix of various libraries using openssl it can happen
that OPENSSL_config is called multiple times.
Usually this works, but e.g. if you have engines configured,
the second load of engines will not work.
OPENSSL_config checks openssl_configured on begin, but
does not set it when done.
14 matches
Mail list logo