Fix for CVE-2015-0291
authorDr. Stephen Henson <steve@openssl.org>
Tue, 3 Mar 2015 13:20:57 +0000 (13:20 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 13:01:13 +0000 (13:01 +0000)
commit34e3edbf3a10953cb407288101fd56a629af22f9
tree2bef6b1da44e6ac8792d6a9b5bc4a8933c2a17cc
parent09f06923e636019c39c807cb59c481375e720556
Fix for CVE-2015-0291

If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.

Thanks to David Ramos of Stanford University for reporting this bug.

CVE-2015-0291

Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/t1_lib.c