aboutsummaryrefslogtreecommitdiff
path: root/docs/SECURITY.md
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2017-11-20 01:26:19 -0500
committerDaniel Stenberg <daniel@haxx.se>2017-11-27 08:19:25 +0100
commit9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400 (patch)
treede7836086c8ffe253392188dd29894f6a115e581 /docs/SECURITY.md
parentc79b2ca03d94d996c23cee13859735cc278838c1 (diff)
url: fix alignment of ssl_backend_data struct
- Align the array of ssl_backend_data on a max 32 byte boundary. 8 is likely to be ok but I went with 32 for posterity should one of the ssl_backend_data structs change to contain a larger sized variable in the future. Prior to this change (since dev 70f1db3, release 7.56) the connectdata structure was undersized by 4 bytes in 32-bit builds with ssl enabled because long long * was mistakenly used for alignment instead of long long, with the intention being an 8 byte boundary. Also long long may not be an available type. The undersized connectdata could lead to oob read/write past the end in what was expected to be the last 4 bytes of the connection's secondary socket https proxy ssl_backend_data struct (the secondary socket in a connection is used by ftp, others?). Closes https://github.com/curl/curl/issues/2093 CVE-2017-8818 Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
Diffstat (limited to 'docs/SECURITY.md')
0 files changed, 0 insertions, 0 deletions