summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-04-21wrong calloc, see people do careTheo de Raadt
2014-04-21KNF.Joel Sing
2014-04-21improve realloc/calloc/malloc patterns; ok guentherTheo de Raadt
2014-04-21Delete #if 0'd time related functions which are totally expired.Theo de Raadt
No point even seeing these when we do the 2038 audit later on...
2014-04-21modernize malloc callTheo de Raadt
2014-04-21Replace entire printf-like guts with calls to libc snprintf.Theo de Raadt
funopen(3) is used to interface to BIO descriptors. ok guenther
2014-04-21Bring malloc/calloc/realloc sequences to modern standardTheo de Raadt
ok guenther
2014-04-21KNF.Joel Sing
2014-04-21clean up files we don't needTed Unangst
2014-04-21fix accidentally deleted deref.Bob Beck
2014-04-20ASN1_STRING cleanup - realloc has handled NULL since I had a mulletBob Beck
and parachute pants - and since it's obvious there is no guarantee the caller doesn't pass in the data area in the argument, use memmove instead of memcpy so overlapping areas are handled correctly. Also, pointers can be usefully printed in hex with %p, in error messaeges rather than the bizzaro stuff that was there using mystical buffer lengths and abuse of strlcpy-converted-blindly-from-strcpy
2014-04-20replace a bunch of pointer-arithmatic-strcpy-converted-blindly-to-strlcpyBob Beck
cruft with an snprintf. "better than what was there" ok guenther@
2014-04-20Eliminate duplicated logic by switching from malloc+snprintf to asprintfPhilip Guenther
ok beck@
2014-04-20Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.Philip Guenther
APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
2014-04-20Restore beck's (void)snprintf(): they were reviewed.Philip Guenther
2014-04-20Restore beck's rev 1.8: snprintf() was reviewed.Philip Guenther
2014-04-20Restore tedu's rev 1.4: snprintf() was reviewed.Philip Guenther
2014-04-20Restore beck's rev 1.7: snprintf() was reviewed.Philip Guenther
Also, use sizeof() for snprintf()'s size argument
2014-04-20Restore beck's rev 1.21: snprintf() was reviewedPhilip Guenther
2014-04-20theo found a file we don't seem to need, but just in case, i will pasteTed Unangst
the contents below: #!/usr/local/bin/perl # x86 assember
2014-04-20Restore beck's rev 1.9: snprintf() was reviewedPhilip Guenther
2014-04-20KNF.Joel Sing
2014-04-20Restore beck's rev 1.3: snprintf() was reviewedPhilip Guenther
2014-04-20More KNF.Joel Sing
2014-04-20KNF.Joel Sing
2014-04-20KNF.Joel Sing
2014-04-20KNF.Joel Sing
2014-04-20More KNF.Joel Sing
2014-04-20More KNF.Joel Sing
2014-04-20gettimeofday() is portable enough and does not need a wrapperTheo de Raadt
2014-04-20calloc() rather than malloc+memsetTheo de Raadt
2014-04-20Fix indentation, adding braces and combining a nested if to reduce depthPhilip Guenther
2014-04-20KNF.Joel Sing
2014-04-20KNF.Joel Sing
2014-04-20Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.Philip Guenther
APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
2014-04-20return after error instead of plowing ahead. noticed by mancha1 at zohoTed Unangst
2014-04-20Use calloc(a,b) instead of malloc(a*b) + memset(a*b). I don't know ifTheo de Raadt
this instance is integer-overflowable, but we cannot keep hand-auditing every instance (or apathetically ignoring these issues) when the simple calloc idiom is better in the presence of a good calloc(). It is simply unfeasible to always enter correct range checks before the aggregate size calculation, just go find some 4000 lines of code, REPAIR THEM ALL, then come back and tell me I am wrong. This only works on systems where calloc() does the integer overflow check, but if your system doesn't do this, you need to ask your vendor WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE? This is the kind of problem that needs to be solved at the right layer. malloc integer-overflow was implicated in the 2002 OpenSSH hole. OpenSSH and much other code is now written to use calloc(), for instance OpenSSH has 103 calls to it. We feel safer with our use of calloc(). It is a natural approach for us to use calloc(). How safe do you feel on systems which lack that range check in their calloc()? Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917
2014-04-20KNF.Joel Sing
2014-04-20reset imprint to NULL to avoid double free. from mancha1 at zohoTed Unangst
2014-04-19release buffers fix was lost in merge. put it back.Ted Unangst
2014-04-19More KNF.Joel Sing
2014-04-19More KNF.Joel Sing
2014-04-19another attempt at fixing stale x509 data. since we don't know where theTed Unangst
initial storage came from, we can't free it. just memset in the sequence case. probably ok beck
2014-04-19More KNF.Joel Sing
2014-04-19More KNF.Joel Sing
2014-04-19More KNF.Joel Sing
2014-04-19KNF.Joel Sing
2014-04-19KNF.Joel Sing
2014-04-19can't actually do this. cause unknown.Ted Unangst
2014-04-19KNF.Joel Sing