So it turns out that libcrypto on i386 platforms, unconditionaly compiles this

little gem called OPENSSL_indirect_call(), supposedly to be ``handy under
Win32''.

In my view, this is a free-win ROP entry point. Why try and return to libc
when you can return to libcrypto with an easy to use interface?

Better not give that much attack surface, and remove this undocumented
entry point.

ok beck@ tedu@

0 files changed, 0 insertions, 0 deletions