[openssl-dev] [openssl.org #3757] OpenSSL decodes malformed base64 encoded inputs

2015-03-21 Thread Tomas Hoger via RT
Hi! Looking at the CVE-2015-0292 fix: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9febee0272 the added (eof > v) check seems somewhat suspicious. While it prevents integer underflow that causes out of bounds memcpy(), it still allows some messing with output via proper number

Re: [openssl.org #3200] Crash in OpenSSL 1.0.1e w/TLS 1.2 (under load)

2014-01-10 Thread Tomas Hoger via RT
On Wed, 18 Dec 2013 23:42:08 +0100 Stephen Henson via RT wrote: Many thanks for that info. I think I've traced the cause of the thing now with that clue. It might have security implications (DoS only though) so I'll keep any further details off the public mailing lists. This is now covered by

[openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss

2014-01-10 Thread Tomas Hoger via RT
Fixed in 1.0.1f and 1.0.0l: http://www.openssl.org/news/vulnerabilities.html#2013-6450 th.

Re: [openssl.org #2826] OpenSSL Buffer Overflow Vulnerability Notification

2012-06-14 Thread Tomas Hoger via RT
On Thu, 31 May 2012 20:41:21 +0200 (CEST) David Anthony via RT wrote: There has been a new security vulnerability we have reported over at Bugtraq (http://seclists.org/bugtraq/2012/May/155) and we feel that it should also be reported to the OpenSSL dev team. If there are any questions

[openssl.org #2174] SSL_CTX_new SSL_OP_LEGACY_SERVER_CONNECT may clear previously set option

2010-02-17 Thread Tomas Hoger via RT
Hi! SSL_CTX_new currently contains: /* Setup RFC4507 ticket keys */ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) ret->options |= SSL_OP_NO_TICKET;