projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 123370f) | patch
Fix CVE-2014-0221
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 May 2014 12:00:45 +0000 (13:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jun 2014 15:30:37 +0000 (16:30 +0100)
commit519c977c47b30d5ca24000b146c0e0bbb360279e
tree4cedda5cdf51f877199c571f12f2a094deb7a9datree | snapshot
parent123370fb9437e016b5a5192166ad027b90c73d9bcommit | diff
Fix CVE-2014-0221

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.