Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL_set1_groups_list(): Fix memory corruption with 40 groups and more #23661

Closed
wants to merge 1 commit into from
Closed

SSL_set1_groups_list(): Fix memory corruption with 40 groups and more #23661

wants to merge 1 commit into from

Conversation

baentsch
Copy link
Contributor

Fixes #23624

The calculation of the size for gid_arr reallocation was wrong. A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri nic.tuv@gmail.com
Reviewed-by: Matt Caswell matt@openssl.org
Reviewed-by: Tomas Mraz tomas@openssl.org
(Cherry-pick from #23625)

@baentsch
SSL_set1_groups_list(): Fix memory corruption with 40 groups and more
367c88c 
Fixes openssl#23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Cherry-pick from openssl#23625)
tom-cosgrove-arm
tom-cosgrove-arm approved these changes Feb 22, 2024
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tom-cosgrove-arm tom-cosgrove-arm mentioned this pull request Feb 22, 2024
Closed
@t8m t8m added approval: done This pull request has the required number of approvals triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 tests: present The PR has suitable tests present and removed branch: 3.1 Merge to openssl-3.1 labels Feb 22, 2024
shahsb
shahsb approved these changes Feb 22, 2024
View reviewed changes
Copy link
Contributor

@shahsb shahsb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Feb 23, 2024
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@t8m
Copy link
Member

t8m commented Feb 25, 2024

Merged to the 3.0 branch. Thank you for your contribution.

@t8m t8m closed this Feb 25, 2024
openssl-machine pushed a commit that referenced this pull request Feb 25, 2024
@baentsch
SSL_set1_groups_list(): Fix memory corruption with 40 groups and more
d9d260e 
Fixes #23624

The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.

Testcase is added.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Cherry-pick from #23625)

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from #23661)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@shahsb shahsb shahsb approved these changes

@tom-cosgrove-arm tom-cosgrove-arm tom-cosgrove-arm approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: 3.0 Merge to openssl-3.0 branch tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@baentsch @openssl-machine @t8m @shahsb @tom-cosgrove-arm