CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2014/04/22 15:52:21

Modified files:
    lib/libssl/src/crypto: x86cpuid.pl

Log message:
So it turns out that libcrypto on i386 platforms unconditionally compiles this little gem called OPENSSL_indirect_call(), supposedly to be ``handy under Win32''.

In my view, this is a free-win ROP entry point. Why try and return to libc when you can return to libcrypto with an easy to use interface?

Better not give that much attack surface, and remove this undocumented entry point.

ok beck@ tedu@