Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 116598
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: sinan [...] unur.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: bug-Net-SSLeay [...] rt.cpan.org
Subject: Incorrect use of sizeof in tlsext_ticket_key_cb_invoke
Date: Sun, 31 Jul 2016 07:47:04 -0400
To: "A. Sinan Unur" <sinan [...] unur.com>
From: "A. Sinan Unur" <sinan [...] unur.com>
Download (untitled) / with headers
text/plain 686b
I just built 1.76 where you moved from bzero to memset to fix https://rt.cpan.org/Public/Bug/Display.html?id=116596 However, upon closer inspection, I see the following in the function tlsext_ticket_key_cb_invoke in file SSLeay.c in https://cpan.metacpan.org/authors/id/M/MI/MIKEM/Net-SSLeay-1.76.tar.gz One of the parameters of this function is: unsigned char *key_name, On line 1324, you have: memset(key_name, 0, sizeof(key_name)); That is a serious bug. sizeof(pointer) will only ever return the size of the pointer, not the area of the memory it points to. See also the C FAQ: http://c-faq.com/aryptr/aryparmsize.html http://c-faq.com/malloc/sizeof.html -- Sinan
Subject: Re: [rt.cpan.org #116598] AutoReply: Incorrect use of sizeof in tlsext_ticket_key_cb_invoke
Date: Sun, 31 Jul 2016 08:16:26 -0400
To: bug-Net-SSLeay [...] rt.cpan.org
From: "A. Sinan Unur" <nanis [...] cpan.org>
Download (untitled) / with headers
text/plain 223b
Show quoted text
Apologies for the confusion, I meant to refer to SSLeay.xs rather than the generated SSLeay.c file. SSLeay.xs:1315: memset(key_name, 0, sizeof(key_name)); -- Sinan
Subject: Re: [rt.cpan.org #116598] Incorrect use of sizeof in tlsext_ticket_key_cb_invoke
Date: Mon, 01 Aug 2016 06:29:02 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 1.4k
Thanks for reporting this Fixed in new version 1.78 On Sunday, July 31, 2016 07:47:18 AM A. Sinan Unur via RT wrote: Show quoted text
> Sun Jul 31 07:47:13 2016: Request 116598 was acted upon. > Transaction: Ticket created by sinan@unur.com > Queue: Net-SSLeay > Subject: Incorrect use of sizeof in tlsext_ticket_key_cb_invoke > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: sinan@unur.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=116598 > > > > I just built 1.76 where you moved from bzero to memset to fix > https://rt.cpan.org/Public/Bug/Display.html?id=116596 > > However, upon closer inspection, I see the following in the function > > tlsext_ticket_key_cb_invoke > > in file SSLeay.c in > https://cpan.metacpan.org/authors/id/M/MI/MIKEM/Net-SSLeay-1.76.tar.gz > > One of the parameters of this function is: > > unsigned char *key_name, > > On line 1324, you have: > > memset(key_name, 0, sizeof(key_name)); > > That is a serious bug. sizeof(pointer) will only ever return the size > of the pointer, not the area of the memory it points to. See also the > C FAQ: > > http://c-faq.com/aryptr/aryparmsize.html > http://c-faq.com/malloc/sizeof.html > > -- Sinan
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.