| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-10-11 | obvious reallocarray() use | Theo de Raadt | |
| ok doug | |||
| 2014-10-11 | Userland reallocarray() audit. | Doug Hogan | |
| Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@ | |||
| 2014-10-11 | use reallocarray, and avoid this << 1 ugliness. | Theo de Raadt | |
| ok doug | |||
| 2014-10-11 | Userland reallocarray() audit. | Doug Hogan | |
| Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@ | |||
| 2014-10-11 | Userland reallocarray() audit. | Doug Hogan | |
| Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@ | |||
| 2014-10-11 | Add UTC support to %Z conversion in strptime(). | Doug Hogan | |
| Patch from jmates at ee dot washington dot edu. ok otto@, millert@ | |||
| 2014-10-10 | replace select with equiv poll usage. | David Gwynne | |
| looks good deraadt@ tweaks and ok millert@ | |||
| 2014-10-10 | Remove unnecessary includes now that we are no longer using select() | Todd C. Miller | |
| (or struct timeval). Instead, we should include time.h for the nanosleep() prototype and struct timespec. OK dlg@ | |||
| 2014-10-09 | add an API version number. ok jsing | Ted Unangst | |
| 2014-10-09 | replace the use of select() for a short sleep with nanosleep(). | David Gwynne | |
| ok deraadt@ guenther@ | |||
| 2014-10-09 | use reallocarray(NULL, a, b) instead of malloc(a, b), which gives us | Theo de Raadt | |
| proper mult int overflow detection. The existing code already handles malloc failure properly, of course. | |||
| 2014-10-09 | USE_SHLIBDIR is archaic | Theo de Raadt | |
| 2014-10-08 | iRemove the #ifdef WIN32 implementation from libevent. | Alexander Bluhm | |
| OK nicm@ | |||
| 2014-10-08 | history | Ted Unangst | |
| 2014-10-08 | use preferred license form. can't trust that doug guy with anything... | Ted Unangst | |
| 2014-10-08 | mlinks, and prune some functions from man page i'm not ready for yet. | Ted Unangst | |
| 2014-10-08 | more better | Ted Unangst | |
| 2014-10-08 | reluctantly rename man page after a function | Ted Unangst | |
| 2014-10-08 | whack a few stray .Pp macros | Ingo Schwarze | |
| 2014-10-08 | add a few more functions. | Ted Unangst | |
| (I also forgot to credit doug for much of the initial markup in the previous commit.) | |||
| 2014-10-08 | rough sketch of ressl documentation | Ted Unangst | |
| 2014-10-08 | obvious reallocarray() | Theo de Raadt | |
| 2014-10-08 | use reallocarray() to detect multiplicative integer overflow; obvious | Theo de Raadt | |
| pattern. This commit does not fix the non-obvious bloody horror of select.c. | |||
| 2014-10-08 | obvious realloc -> reallocarray conversion | Theo de Raadt | |
| 2014-10-08 | obvious reallocarray() | Theo de Raadt | |
| 2014-10-08 | using reallocarray() gives us multiplicative integer overflow checking | Theo de Raadt | |
| in case something wants to create massive amounts of environment, like a bit more than 1/4 of a 32-bit address space. unrealistic -- but why audit one code path, and not treat others the same? then you have to re-engage everytime you see the code. read the news, that isn't what developers do. At least if the code paths look the same, there is hope, because they are easier to verify for correctness. developers need to give other developers a chance to want to care. | |||
| 2014-10-08 | obvious conversion of realloc() to reallocarray(). Luckily this is | Theo de Raadt | |
| using pollfd, because if this was fd_set... it would not be obvious (or easy) | |||
| 2014-10-08 | obvious reallocarray(); ok doug | Theo de Raadt | |
| 2014-10-08 | obvious malloc -> reallocarray, for mult int oflow | Theo de Raadt | |
| 2014-10-08 | use reallocarray(); ok doug | Theo de Raadt | |
| 2014-10-08 | reallocarray() to detect potential int overflow; ok doug | Theo de Raadt | |
| 2014-10-08 | reallocarray() for mult int overflow detect; ok doug | Theo de Raadt | |
| 2014-10-07 | Use strdup() instead of malloc() + memcpy(). | Miod Vallat | |
| ok doug@ jsing@ | |||
| 2014-10-07 | EC_KEY_set_group() does an EC_GROUP_dup() of its argument, so we don't | Miod Vallat | |
| need to do it in ec_copy_parameters() prior to invoking EC_KEY_set_group(). ok doug@ jsing@ | |||
| 2014-10-06 | Remove the #ifdef HAVE_SIGACTION from libevent. The struct | Alexander Bluhm | |
| evsignal_info does not change, so no library crank. OK nicm@ deraadt@ | |||
| 2014-10-06 | When verifying whether an IP address is in the commonName of a | Jeremie Courreges-Anglas | |
| certificate, do not perform wildcard matching. Suggested by Richard Moore (rich@kde) ok tedu@ | |||
| 2014-10-06 | If we have to match against a wildcard in a cert, verify that it contains | Jeremie Courreges-Anglas | |
| at least a domain label before the tld, as in *.example.org. Suggested by Richard Moore (rich@kde) ok tedu@ | |||
| 2014-10-05 | The fixes to X509_PURPOSE_add() in r1.18 actually could cause a global | Miod Vallat | |
| X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being allocated in the function) to be freed if modifying that object would fail due to a low memory condition, while this object would still be referenced elsewhere. Fix this by only cleaning the object if we did not allocate it here. While there, fail early if either `name' or `sname' are NULL, rather than allocating an object and realizing we have nothing to strdup() into it. ok guenther@ | |||
| 2014-10-05 | Be sure to check the stack push operation for success in v2i_POLICY_MAPPINGS(); | Miod Vallat | |
| if it fails, free the object we were about to push. Factor error handling to avoid having four copies of about the same code. ok guenther@ | |||
| 2014-10-05 | In v2i_AUTHORITY_INFO_ACCESS(), separate object allocation from object push | Miod Vallat | |
| on a stack; if the latter fails, we need to free the object before returning failure. ok guenther@ | |||
| 2014-10-05 | Memory leak upon error in set_dist_point_name(). | Miod Vallat | |
| ok guenther@ | |||
| 2014-10-05 | Be sure to check object allocation for success before using them. | Miod Vallat | |
| Tweaks and ok guenther@ | |||
| 2014-10-05 | Missing deallocation upon error. | Miod Vallat | |
| ok deraadt@ guenther@ | |||
| 2014-10-05 | Fix memory leak in the error path of v2i_AUTHORITY_KEYID(). | Miod Vallat | |
| ok deraadt@ guenther@ | |||
| 2014-10-05 | compile with c89 (code / decl ordering); from Joakim.Tjernlund@transmode.se | Theo de Raadt | |
| ok miod | |||
| 2014-10-05 | Use more specific curves/formats naming for local variables in | Joel Sing | |
| ssl_add_clienthello_tlsext() and ssl_add_serverhello_tlsext(), rather than the current generic naming. ok miod@ | |||
| 2014-10-05 | Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather than | Joel Sing | |
| hand rolling the same code. ok miod@ | |||
| 2014-10-05 | Make tls1_get_formatlist() behave the same as tls1_get_curvelist() and | Joel Sing | |
| return the client format list if the client_formats flag is specified. Use tls1_get_formatlist()/tls1_get_curvelist() in tls1_check_ec_key(), simplifying the code. ok miod@ | |||
| 2014-10-03 | verify changes are major change | Ted Unangst | |
| 2014-10-03 | Strip trailing new-lines from syslog messages. This avoids empty | Alexander Bluhm | |
| lines when printing to console or stderr. OK deraadt@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |