mbedtls/library
Gilles Peskine 2414ce1a5e Parse HelloVerifyRequest: avoid buffer overread at the start
In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie
length) without checking that there are that many bytes left in
ssl->in_msg. This could potentially read from memory outside of the
ssl->receive buffer (which would be a remotely exploitable
crash).
2019-11-21 14:18:27 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Add missing MBEDTLS_DEPRECATED_REMOVED guards 2018-02-21 19:16:20 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Merge remote-tracking branch 'public/pr/1655' into mbedtls-2.7 2018-06-12 17:40:08 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Minor fixes 2018-03-09 10:48:12 +00:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c enforce input and output of ccm selftest on stack 2018-07-30 11:43:08 +03:00
certs.c Undo API change from SHA1 deprecation 2017-07-27 21:44:33 +01:00
cipher.c Move definition of MBEDTLS_CIPHER_MODE_STREAM 2018-06-28 08:44:47 +03:00
cipher_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cmac.c Merge remote-tracking branch 'public/pr/1390' into mbedtls-2.7 2018-06-27 11:11:34 +01:00
CMakeLists.txt Update library version number to 2.7.6 2018-08-31 16:07:23 +01:00
ctr_drbg.c ctr_drbg: Typo fix in the file description comment. 2018-02-10 11:11:41 +02:00
debug.c Fix compilation error with Mingw32 2017-09-06 17:51:14 +03:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Merge remote-tracking branch 'upstream-restricted/pr/410' into development-restricted 2018-01-26 18:43:04 +00:00
ecdh.c Address PR cpomments reviews 2017-10-10 19:04:27 +03:00
ecdsa.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:43:16 +02:00
ecjpake.c Fix multiple quality issues in the source 2018-06-08 11:14:43 +01:00
ecp.c Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails 2018-07-26 11:08:06 +03:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
entropy.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
entropy_poll.c Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
error.c Update error.c 2018-03-30 18:52:10 +02:00
gcm.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
havege.c Fixes warnings found by Clang static analyser 2016-05-23 23:18:26 +01:00
hmac_drbg.c Zeroize tmp bufs in hmac_drbg.c functions 2017-06-26 10:22:24 +01:00
Makefile Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
md.c Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
md2.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md4.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
md5.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
md_wrap.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
memory_buffer_alloc.c Fix braces in mbedtls_memory_buffer_alloc_status() 2018-05-23 16:32:33 +01:00
net_sockets.c Merge remote-tracking branch 'public/pr/1711' into mbedtls-2.7 2018-06-14 11:01:14 +01:00
oid.c pkcs5v2: add support for additional hmacSHA algorithms 2018-02-08 17:18:15 +08:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:32:15 +01:00
pk_wrap.c Clarify the use of MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 2018-03-30 18:43:16 +02:00
pkcs5.c Treat warnings as errors for IAR 2018-05-25 14:58:33 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Shut up a few clang-analyze warnings about use of uninitialized variables 2016-05-23 14:29:28 +01:00
pkparse.c Remove unnecessary mark as unused #1098 (backport) 2018-07-20 14:08:02 +02:00
pkwrite.c Adapt PK test suite to use new interface 2017-08-23 16:17:27 +01:00
platform.c Merge remote-tracking branch 'upstream-public/pr/1079' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
ripemd160.c MD: Make deprecated functions not inline 2018-02-22 08:20:42 +00:00
rsa.c Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted 2018-03-23 02:12:44 +01:00
rsa_internal.c Add explicit type cast to avoid truncation warning 2018-01-03 09:27:40 +00:00
sha1.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha256.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
sha512.c Fix Lucky 13 cache attack on MD/SHA padding 2018-07-12 10:18:37 +02:00
ssl_cache.c Address PR review comments 2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c Add ecc extensions only if ecc ciphersuite is used 2018-06-28 15:49:34 +03:00
ssl_cli.c Parse HelloVerifyRequest: avoid buffer overread at the start 2019-11-21 14:18:27 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7 2018-08-10 11:01:29 +01:00
ssl_ticket.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_tls.c Merge remote-tracking branch 'restricted/pr/437' into mbedtls-2.7-restricted 2018-08-28 15:34:28 +01:00
threading.c Do not define and initialize global mutexes on configurations that do not use them. 2018-03-21 15:13:08 +00:00
timing.c Fix alarm(0) failure on mingw32 2018-01-29 10:24:50 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
version_features.c Merge branch 'prr_424' into mbedtls-2.7-proposed 2018-02-22 16:07:32 +01:00
x509.c x509.c: Remove unused includes 2018-07-02 12:13:26 +01:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
x509_crt.c Merge remote-tracking branch 'restricted/pr/498' into mbedtls-2.7-restricted 2018-08-28 15:29:55 +01:00
x509_csr.c Coding style 2018-06-22 11:45:38 +01:00
x509write_crt.c New MD API: rename functions from _ext to _ret 2018-01-22 11:54:42 +01:00
x509write_csr.c Clarify code-paths in x509write_csr and x509write_crt 2017-09-22 16:05:43 +01:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00