[vde-users] [ vde-Bugs-3603904 ] potential encryption-based overflow

2013-03-07 Thread SourceForge . net
Bugs item #3603904, was opened at 2013-02-08 18:58
Message generated for change (Comment added) made by danielel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603904&group_id=95403

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Closed
Resolution: Fixed
Priority: 9
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Daniele Lacamera (danielel)
Summary: potential encryption-based overflow

Initial Comment:
Hello, while performing an audit of vde2 
(https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/776818) I found a bug; it 
may even be a security bug. If you decide this is a security issue, please 
contact the linux-distros security list to coordinate a release and request a 
CVE number. (See http://oss-security.openwall.org/wiki/mailing-lists/distros 
for details on using the linux-distros list. Note especially that [vs] is 
required in the Subject: header.)

data_encrypt() encrypts the data from the src buffer and places it in the dst 
buffer. The OpenSSL documentation is clear that the destination buffer needs to 
be large enough to handle (inl + cipher_block_size - 1) bytes of output; 
however, data_encrypt() and send_udp() do not enforce that the destination 
buffer is the necessary size larger than the source buffer. If this constraint 
is somehow enforced by coding convention, please annotate that convention at 
the call site and data declaration sites.

Thanks

--

>Comment By: Daniele Lacamera (danielel)
Date: 2013-03-07 12:56

Message:
closed in r557

--

___
vde-users mailing list
vde-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vde-users
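
The sizing rule from the report, shown as an added example that is not vde2's code and not part of the original thread: the destination capacity is checked against the worst-case output before anything is written. `worst_case_out_len`, `checked_encrypt` and `demo` are hypothetical names, and a XOR placeholder stands in for the OpenSSL cipher call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Worst case for a padded block cipher: the update call may emit up to
 * inl + bs - 1 bytes and the final call completes the last block, so the
 * total never exceeds inl + bs. Returns -1 if that sum would wrap. */
static int worst_case_out_len(size_t inl, size_t bs, size_t *need)
{
    if (bs == 0 || inl > SIZE_MAX - bs)
        return -1;
    *need = inl + bs;
    return 0;
}

/* Hypothetical stand-in for an encrypt routine: PKCS#7-style padding plus a
 * XOR placeholder where the real cipher would run (NOT real encryption). */
static int checked_encrypt(unsigned char *dst, size_t dst_cap,
                           const unsigned char *src, size_t inl,
                           size_t bs, size_t *outl)
{
    size_t need, padded, i;
    if (!dst || !src || !outl || bs > 255)
        return -1;
    if (worst_case_out_len(inl, bs, &need) != 0 || dst_cap < need)
        return -1;                      /* refuse instead of overflowing */
    padded = (inl / bs + 1) * bs;       /* padding adds 1..bs bytes */
    for (i = 0; i < inl; i++)
        dst[i] = src[i] ^ 0x5a;         /* placeholder transform */
    for (; i < padded; i++)
        dst[i] = (unsigned char)(padded - inl) ^ 0x5a;
    *outl = padded;
    return 0;
}

/* Constructed demo: zero-filled payload, 16-byte block size. */
static int demo(size_t dst_cap, size_t inl, size_t *outl)
{
    unsigned char src[64] = {0}, dst[96];
    if (inl > sizeof src || dst_cap > sizeof dst)
        return -1;
    return checked_encrypt(dst, dst_cap, src, inl, 16, outl);
}

int main(void)
{
    size_t n = 0;
    int tight = demo(16, 16, &n), roomy = demo(32, 16, &n);
    printf("same-size dst: %d, spare block: %d (%zu bytes)\n", tight, roomy, n);
    return 0;
}
```

A destination the same size as the source is rejected, while one with a spare block accepts the 16-byte payload and yields 32 bytes of output.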


[vde-users] [ vde-Bugs-3603904 ] potential encryption-based overflow

2013-03-07 Thread SourceForge . net
Bugs item #3603904, was opened at 2013-02-08 18:58
Message generated for change (Settings changed) made by danielel
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
>Priority: 9
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Daniele Lacamera (danielel)
Summary: potential encryption-based overflow



[vde-users] [ vde-Bugs-3603904 ] potential encryption-based overflow

2013-03-07 Thread SourceForge . net
Bugs item #3603904, was opened at 2013-02-08 18:58
Message generated for change (Settings changed) made by danielel
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: Yes
Submitted By: https://www.google.com/accounts ()
>Assigned to: Daniele Lacamera (danielel)
Summary: potential encryption-based overflow



[vde-users] [ vde-Bugs-3603904 ] potential encryption-based overflow

2013-02-08 Thread SourceForge . net
Bugs item #3603904, was opened at 2013-02-08 18:58
Message generated for change (Settings changed) made by 
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: Yes
Submitted By: https://www.google.com/accounts ()
Assigned to: Nobody/Anonymous (nobody)
>Summary: potential encryption-based overflow
