openssl/ssl
Michael Baentsch f4ed6eed2c SSL_set1_groups_list(): Fix memory corruption with 40 groups and more
Fixes #23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23625)
2024-02-22 12:48:21 +01:00
..
quic Minor updates 2024-02-19 10:15:46 +01:00
record Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly. 2024-02-20 11:07:01 +01:00
rio QUIC POLLING: Support no-quic builds 2024-02-10 11:37:14 +00:00
statem When selecting a method ensure we use the correct client/server version 2024-01-31 10:10:55 +00:00
bio_ssl.c QUIC APL: Implement optimised FIN API 2024-01-23 14:20:06 +00:00
build.info QUIC RIO: Add frontend SSL_poll implementation 2024-02-10 11:37:14 +00:00
d1_lib.c Move freeing of an old record layer to dtls1_clear_sent_buffer 2023-11-21 13:09:28 +01:00
d1_msg.c Copyright year updates 2023-09-07 09:59:15 +01:00
d1_srtp.c libssl: Make some global mutable structures constant 2024-02-02 09:10:12 +00:00
event_queue.c Remove a spurious inclusion of the sparse array header file 2023-09-25 07:45:32 +10:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
priority_queue.c Fix bug in priority queue remove function 2023-11-08 11:09:12 +00:00
s3_enc.c libssl: Make some global mutable structures constant 2024-02-02 09:10:12 +00:00
s3_lib.c Simplify ssl protocol version comparisons. 2024-01-03 15:55:17 +00:00
s3_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_asn1.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
ssl_cert_comp.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_cert_table.h Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_cert.c Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_ciph.c libssl: Make some global mutable structures constant 2024-02-02 09:10:12 +00:00
ssl_conf.c replace strstr() with strchr() for single characters 2024-01-25 16:39:09 +01:00
ssl_err_legacy.c Update copyright year 2021-06-17 13:24:59 +01:00
ssl_err.c QUIC: Add polling API 2024-02-10 11:37:14 +00:00
ssl_init.c Copyright year updates 2023-09-28 14:23:29 +01:00
ssl_lib.c Removes record_queue struct which is no longer useful. 2024-02-16 16:33:14 +01:00
ssl_local.h QLOG: Editorial fixes (QLOG is spelled 'qlog') 2024-02-02 11:50:29 +00:00
ssl_mcnf.c Consolidate raising errors in SSL_CONF_cmd() 2023-12-19 12:03:02 +01:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_sess.c Extended SSL_SESSION functions using time_t 2024-02-21 10:28:17 +01:00
ssl_stat.c Add support for compressed certificates (RFC8879) 2022-10-18 09:30:22 -04:00
ssl_txt.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
ssl_utst.c Remove the old buffer management code 2022-10-20 14:39:33 +01:00
sslerr.h QUIC APL: Implement optimised FIN API 2024-01-23 14:20:06 +00:00
t1_enc.c Move increment of dtls epoch to change cipher state function 2024-01-18 12:48:46 +01:00
t1_lib.c SSL_set1_groups_list(): Fix memory corruption with 40 groups and more 2024-02-22 12:48:21 +01:00
t1_trce.c IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests 2023-11-24 11:40:36 +01:00
tls13_enc.c Copyright year updates 2023-09-07 09:59:15 +01:00
tls_depr.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
tls_srp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00