artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31a285e) | patch
So it turns out that libcrypto on i386 platforms, unconditionaly compiles this
authormiod <miod@openbsd.org>
Tue, 22 Apr 2014 21:52:21 +0000 (21:52 +0000)
committermiod <miod@openbsd.org>
Tue, 22 Apr 2014 21:52:21 +0000 (21:52 +0000)
commit987edc824c759a2ed74c8af38a07790fe8b10d12
tree720f851a98610462c66fd906e6aff476a205094etree | snapshot
parent31a285ee9c85784ffefe282f3aa54f416527576ecommit | diff
So it turns out that libcrypto on i386 platforms, unconditionaly compiles this
little gem called OPENSSL_indirect_call(), supposedly to be ``handy under
Win32''.

In my view, this is a free-win ROP entry point. Why try and return to libc
when you can return to libcrypto with an easy to use interface?

Better not give that much attack surface, and remove this undocumented
entry point.

ok beck@ tedu@
lib/libcrypto/x86cpuid.pl diff | blob | history
lib/libssl/src/crypto/x86cpuid.pl diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim