Vulnerability Development mailing list archives
RE: exploit code targeting OpenSSL and Mod_SSL ?
From: Arne Ansper <arne () ats cyber ee>
Date: Wed, 16 Apr 2003 12:12:27 +0300 (FLE Daylight Time)
There are also a number of calloc() overflow errors out there that affect openssl. Goto http://www.securitytracker.com and search on calloc() or openssl and you'll get a good list
Where do you find calloc() used in OpenSSL? OpenSSL does all memory allocations via OPENSSL_malloc and OPENSSL_realloc wrapper functions that use malloc and realloc by default. I just grepped OpenSSL source and did not find a single occurence of calloc. Arne
Current thread:
- exploit code targeting OpenSSL and Mod_SSL ? John (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Simayi (Apr 17)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Geoffroy Raimbault (Apr 15)
- <Possible follow-ups>
- RE: exploit code targeting OpenSSL and Mod_SSL ? Don Sauer (Apr 15)
- RE: exploit code targeting OpenSSL and Mod_SSL ? Arne Ansper (Apr 16)
- Re: exploit code targeting OpenSSL and Mod_SSL ? Joe Stewart (Apr 15)