| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
We update the corpora submodule to include a fuzz testcase for the conf
timeout.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20839)
|
|
|
|
|
|
|
|
|
| |
Updated the fuzz corpora to include a testcase for the zero length
handshake fragment records issue fixed by the previous commit.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20824)
|
|
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20683)
|
|
|
|
|
|
|
|
| |
To be replaced with a git submodule.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20683)
|
|
|
|
|
|
|
|
|
|
|
|
| |
v3name_fuzzer build modifications
create 99-test_fuzz_v3name_fuzzer.t
test corpus for cve-2023-0286
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20274)
|
|
|
|
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20332)
|
|
|
|
|
|
| |
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19591)
|
|
|
|
|
|
| |
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
|
|
|
|
|
|
|
|
| |
Previously if an error path is entered a leak could result.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
|
|
|
|
|
|
|
|
| |
Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
| |
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
|
|
|
|
|
|
| |
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.
This issue was recently added by commit 4baee2d.
Credit to OSSFuzz for finding this issue.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
|
|
|
|
|
| |
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #7033
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #4653
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #3829
|
|
|
|
|
|
|
|
|
|
|
|
| |
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
|
|
|
|
|
|
| |
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2682
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2318
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
|
|
|
|
|
| |
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
|
|
|
|
|
|
|
|
| |
New minimal fuzz corpora set
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #1910
|
|
|
|
|
|
|
|
| |
New minimal fuzz corpora for asn1, asn1parse, bndiv, crl and x509
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #1678
|
|
|
|
|
| |
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a new minimal corpus with the following changes:
- asn1: files: 1135 (+474), tuples: 27236 (+7496)
- asn1parse: files: 305 (-3), tuples: 8758 (+11)
- bignum: files: 370 (-1), tuples: 9547 (+10)
- bndiv: files: 160 (+0), tuples: 2416 (+6)
- cms: files: 155 (-1), tuples: 3408 (+0)
- conf: files: 231 (-11), tuples: 4668 (+3)
- crl: files: 905 (+188), tuples: 22876 (+4096)
- ct: files: 117 (+35), tuples: 3557 (+908)
- x509: files: 920, tuples: 28334
Note that tuple count depends on the binary and is random.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1229
|
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2986
|
|
|
|
|
|
| |
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2949
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|