Patch: https://github.com/openssl/openssl/commit/70428eada9bc4cf314...
Advisory mirror: https://gist.github.com/FiloSottile/99ad6b52688f5a1f0a5fa200...
Preliminary analysis: https://news.ycombinator.com/item?id=11621038
But it no longer
checked that there was enough data to have both the MAC and padding
bytes.
... I am beyond words.
Just the C usual stuff, but good bone coders use all the warnings and analyzers from gcc and clang and never commit such errors.
I'm not sure whether you are sarcastic or not, but to me the seemingly endless amount of this kind of bug in high profile projects like OpenSSL is pretty good proof that nobody can write secure C.
Very high profile, no CVEs found to date.
EDIT: Can't respond to lambda below.
I was responding to THIS assertion, not proposing libsodium as a general purpose openssl replacement: "nobody can write secure C."
To which I said, here's a project that's written in C that's apparently secure.