Multiblock corrupted pointer fix
author Matt Caswell <matt@openssl.org>
Mon, 2 Mar 2015 09:27:10 +0000 (09:27 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 11:11:02 +0000 (11:11 +0000)
commit 1d2a18dc5a3b3363e17db5af8b6b0273856ac077
tree bcf2a22522fb21ec678e0fb38eb645216e2bd5bc
parent 7ead0c89185c46378e3ed85c0012d083f4b3039b
Multiblock corrupted pointer fix

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64-bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However, if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
ssl/s3_pkt.c