Fix a minor information leak that was introduced in t1_lib.c r1.71, whereby

an additional 28 bytes of .rodata (or .data) is provided to the network. In most cases this is a non-issue since the memory content is already public. Issue found and reported by Felix Groebert of the Google Security Team. ok bcook@ beck@
author: jsing <jsing@openbsd.org> 2015-03-02 13:43:09 +0000
committer: jsing <jsing@openbsd.org> 2015-03-02 13:43:09 +0000
commit: 3442de22bab643e442a8df0c9585d25ca4efe72c (patch)
tree: 1567a5a8404ba494dbc3e2888f0429f5ea272e6e /lib/libssl/t1_lib.c
parent: In athn(4), set USB pipe pointers to NULL after closing pipes. Not really (diff)
download: wireguard-openbsd-3442de22bab643e442a8df0c9585d25ca4efe72c.tar.xz
wireguard-openbsd-3442de22bab643e442a8df0c9585d25ca4efe72c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 60cef857b5a..9b7f54682bc 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.74 2014/12/14 14:34:43 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.75 2015/03/02 13:43:09 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -395,7 +395,7 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
 	*pcurveslen = s->tlsext_ellipticcurvelist_length;
 	if (*pcurves == NULL) {
 		*pcurves = eccurves_default;
-		*pcurveslen = sizeof(eccurves_default);
+		*pcurveslen = sizeof(eccurves_default) / 2;
 	}
 }
author	jsing <jsing@openbsd.org>	2015-03-02 13:43:09 +0000
committer	jsing <jsing@openbsd.org>	2015-03-02 13:43:09 +0000
commit	3442de22bab643e442a8df0c9585d25ca4efe72c (patch)
tree	1567a5a8404ba494dbc3e2888f0429f5ea272e6e /lib/libssl/t1_lib.c
parent	In athn(4), set USB pipe pointers to NULL after closing pipes. Not really (diff)
download	wireguard-openbsd-3442de22bab643e442a8df0c9585d25ca4efe72c.tar.xz wireguard-openbsd-3442de22bab643e442a8df0c9585d25ca4efe72c.zip