projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8106d61) | patch
Reject invalid PSS parameters.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 9 Mar 2015 23:16:33 +0000 (23:16 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 13:01:13 +0000 (13:01 +0000)
commit09f06923e636019c39c807cb59c481375e720556
tree9fce22d849ad939875ff3a95f5e48fe0abab263ftree | snapshot
parent8106d61c354430d6bbbd7f8e7840a39efc0f5829commit | diff
Reject invalid PSS parameters.

Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/rsa/rsa_ameth.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.