{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1752910930,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"350ef7bd0cad30163af5b586bf50aab8",
"commit": {"type":"commit",
"time": 1486633726,
"time_ofs": 0,
"oid_tree": { "oid": "236b80510a9b6fb8a0a1ecb5d2a48b7e7c6823c0", "alias": []},
"oid":{ "oid": "6d047e06e67cd1f6d83a52b83643e96b4cdbfb51", "alias": []},
"msg": "SSL_get_shared_sigalgs: handle negative idx parameter",
"sig_commit": { "git_time": { "time": 1486633726, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1486033870, "offset": 60 }, "name": "Peter Wu", "email": "peter@lekensteyn.nl", "md5": "285b1f0f4caadc088a38c40aea22feba" }},
"body": "SSL_get_shared_sigalgs: handle negative idx parameter\n\nWhen idx is negative (as is the case with do_print_sigalgs in\napps/s_cb.c), AddressSanitizer complains about a buffer overflow (read).\nEven if the pointer is not dereferenced, this is undefined behavior.\n\nChange the user not to use \u0022-1\u0022 as index since the function is\ndocumented to return 0 on out-of-range values.\n\nTested with `openssl s_server` and `curl -k https://localhost:4433`.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\nReviewed-by: Matt Caswell \u003cmatt@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/2349)"
,
"diff": "diff --git a/apps/s_cb.c b/apps/s_cb.c\nindex 550969d..e0d432d 100644\n--- a/apps/s_cb.c\n+++ b/apps/s_cb.c\n@@ -239,7 +239,7 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)\n int i, nsig, client;\n client \u003d SSL_is_server(s) ? 0 : 1;\n if (shared)\n- nsig \u003d SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);\n+ nsig \u003d SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);\n else\n nsig \u003d SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);\n if (nsig \u003d\u003d 0)\ndiff --git a/ssl/t1_lib.c b/ssl/t1_lib.c\nindex 1534a54..43340d4 100644\n--- a/ssl/t1_lib.c\n+++ b/ssl/t1_lib.c\n@@ -1684,6 +1684,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,\n {\n const SIGALG_LOOKUP *shsigalgs;\n if (s-\u003ecert-\u003eshared_sigalgs \u003d\u003d NULL\n+ || idx \u003c 0\n || idx \u003e\u003d (int)s-\u003ecert-\u003eshared_sigalgslen\n || s-\u003ecert-\u003eshared_sigalgslen \u003e INT_MAX)\n return 0;\n","s":{"c":1752838184,"u": 64433}}
],"g": 1299,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}
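Review bot: in the apps/s_cb.c hunk (do_print_sigalgs), the non-shared branch on the unchanged context line still calls `SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL)` with a negative index, so only one of the two look-alike calls is changed. SSL_get_sigalgs should get the same audit for negative idx handling. If it needs the fix, give it the same guard or pass 0 here as well; if -1 is a supported count-only query for that function, a one-line comment explaining why the two branches differ would keep the next reader from "fixing" it.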
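Review bot: in the ssl/t1_lib.c hunk (SSL_get_shared_sigalgs), the added `idx < 0` test closes the negative-index case, but the condition still evaluates `idx >= (int)s->cert->shared_sigalgslen` before `s->cert->shared_sigalgslen > INT_MAX`, so the cast to int is applied to a length that has not yet been range-checked. Moving the INT_MAX test ahead of the comparison would make the guard order match the dependency. Callers outside apps/ that passed -1 to obtain the count, as do_print_sigalgs did, now get 0 back, so the change in behaviour is worth a line in the function's documentation.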