by formerly_proven 1321 days ago
Bog standard buffer overflow caused by incorrect bounds checking. Yes.
1 comment

Indeed. For illustration, the Ubuntu commits that fix the two CVEs:

https://git.launchpad.net/ubuntu/+source/openssl/commit/?h=a...

  -        if (written_out > max_out)
  +        if (written_out >= max_out)
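
Review bot: The changed comparison `written_out >= max_out` carries no comment explaining why equality must be rejected. If `written_out` is the index of the next slot to be written and `max_out` is the capacity of the output buffer, then `written_out == max_out` already means the buffer is full, and the old `>` let one more element through. A one-line comment to that effect, plus a regression test whose input produces exactly `max_out` outputs, would keep the boundary from drifting back.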

  [...]

https://git.launchpad.net/ubuntu/+source/openssl/commit/?id=...

  -            if (tmpptr != NULL)
  -                PUSHC('.');
  +            PUSHC(tmpptr != NULL ? '.' : '\0');
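
Review bot: The terminator in `PUSHC(tmpptr != NULL ? '.' : '\0')` now goes through the same path as the `'.'` separators, so whatever bound `PUSHC` enforces has to leave room for it; that check is outside the visible lines and should be confirmed as part of this change. It is also worth confirming that any length reported to the caller treats the NUL consistently (counted or not counted), and, if `PUSHC` is a macro, that its definition parenthesizes the argument now that it receives a conditional expression.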

  -    char a_ulabel[LABEL_BUF_SIZE];
  +    char a_ulabel[LABEL_BUF_SIZE + 1];
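
Review bot: The `+ 1` on `a_ulabel` is undocumented; a comment saying the extra byte holds the terminating NUL would make the intent clear. Lengths passed along with `a_ulabel` should be audited in the same change: code using `sizeof(a_ulabel)` now sees one byte more than code using `LABEL_BUF_SIZE`, and mixing the two can reintroduce an off-by-one.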

https://git.launchpad.net/ubuntu/+source/openssl/commit/?id=...

  -            || type->origin == EVP_ORIG_METH) {
  +            || (type != NULL && type->origin == EVP_ORIG_METH)
  +            || (type == NULL && ctx->digest != NULL
  +                             && ctx->digest->origin == EVP_ORIG_METH)) {
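
Review bot: The added `type == NULL` clause reads `ctx->digest->origin` with no comment on why the digest already held by the context stands in for a NULL `type`. A short comment on that case would help, and since the condition now spans three lines, resolving the effective digest into a local first (`type` if non-NULL, otherwise `ctx->digest`) and testing its `origin` once would read more clearly than the two mirrored clauses.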

  -            || impl != NULL) {
  +            || impl != NULL
  +            || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
  +            || (cipher == NULL && ctx->cipher != NULL
  +                               && ctx->cipher->origin == EVP_ORIG_METH)) {
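
Review bot: The two added `cipher` clauses repeat the digest-side condition clause for clause, which invites one copy being changed later without the other; a small shared helper or macro that takes the argument and the context's current value would remove the duplication. Tests should cover `cipher == NULL` with `ctx->cipher` set to an `EVP_ORIG_METH` cipher, since the old condition tested only `impl != NULL` at this point.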