Re: incorrect integer conversions in OpenSSL can result in memory corruption.

[Benjamin Kreuter <ben.kreuter () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, 19 Apr 2012 12:35:22 +0200
Tavis Ormandy <taviso () cmpxchg8b com> wrote:

> All versions of OpenSSL on all platforms up to and including version
> 1.0.1 are affected.

[snip]

> BUF_MEM_grow_clean accepts a size_t, but the subroutine it uses to
> handle the allocation only accepts a 32bit signed integer.

Correct me if I am wrong, but shouldn't this only be a problem on
systems where a size_t is wider than an int i.e. not on 32 bit systems?

- -- Ben



- -- 
Benjamin R Kreuter
UVA Computer Science
brk7bx () virginia edu
KK4FJZ

- --

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBCgAGBQJPkCHhAAoJEOV0+MnZK9ijbWoQAJC8v+OkmNJexaZdBXj3EVhs
hQR9nAUj1LljJxUA03z4X/eO0qfd+YusRtpt3v8w8Lbc1eULI05/1AVbt9C9pnh4
jX89fw+MjWx35aSUnlPWZTVO7JZspIIY3Khhm+RX0mEy6X2QtFhmrrRDxeedKC8M
CHp6ZXhVVo/mkCrPUg7tN68mufN6nnR5jOHRs/PcsxvfDV4eu5IbvdLYQygg6a6p
fmH2nuBeuvsYFTbWsVB+r2NTREDsNfO0g58B01AqabhyjtwQ5lJQ6mcEmmIalyeI
HDB0pYXIcOpRZpDXWsDXvXrRUNCYBAwBT2g8hguTb64yzTl8ySNfJIKp7jlU+sTb
lFlfGDiXLTFAnBFE8DXszUoE55PqrL4HMQSww6vM5h2gpAatn5r8HyuoUkpniD1m
z/cxULWgDw3YxcM1OnoJVvb+WcPuWlWjtpX4nT/3CYi+vV4TOHhL7yctg9VsEPKL
YuSZ3ZppfKnZe59v2CR+/azy3tDPUtBGSrDKSePXbtmYR5gXKpQX7BrX70mXyCVe
Czf+7q+/qW0dySLjXmiAPtBiyYv/ggdYJJ4DHCZMX6ilPbGI+Tt8A1KJ0mz+o9Uz
rFoYRpVECQio/bnz906B15a2VBXjsZb+DZ3VbHqOVDCNtxV6cHfHIjUs0XSyDPMj
CIcgX/FcVyT1lqHo7NeZ
=3sF/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/