mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
curl/lib/vtls
Daniel Gustafsson b4bb920405 vtls: fix potential ssl_buffer stack overflow
In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.

Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
2019-05-13 20:27:50 +02:00
cyassl.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
cyassl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gskit.c build: fix Codacy/CppCheck warnings 2019-04-11 21:08:44 +02:00
gskit.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
gtls.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
gtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mbedtls.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
mbedtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mesalink.c travis: upgrade the MesaLink TLS backend to v1.0.0 2019-05-01 23:25:05 +02:00
mesalink.h vtls: add a MesaLink vtls backend 2018-09-13 08:26:37 +02:00
nss.c nss: allow fifos and character devices for certificates. 2019-05-07 17:23:02 +02:00
nssg.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
openssl.c OpenSSL: Report -fips in version if OpenSSL is built with FIPS 2019-05-08 09:30:15 +02:00
openssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
polarssl_threadlock.c polarssl_threadlock: remove conditionally unused code 2019-04-11 21:08:42 +02:00
polarssl_threadlock.h polarssl_threadlock: remove conditionally unused code 2019-04-11 21:08:42 +02:00
polarssl.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
polarssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
schannel_verify.c strerror: make the strerror function use local buffers 2019-02-26 10:20:21 +01:00
schannel.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
schannel.h schannel: use Curl_ prefix for global private symbols 2018-11-01 09:39:45 +01:00
sectransp.c multi: provide Curl_multiuse_state to update information 2019-05-01 22:51:23 +02:00
sectransp.h Secure Transport: no more "darwinssl" 2019-02-28 08:42:59 +01:00
vtls.c vtls: fix potential ssl_buffer stack overflow 2019-05-13 20:27:50 +02:00
vtls.h vtls: rename some of the SSL functions 2019-03-15 10:22:42 +01:00