Fix SRP buffer overrun vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Thu, 31 Jul 2014 19:56:22 +0000 (20:56 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:41:24 +0000 (20:41 +0100)
commit 53348780e9936f49b4ced7459e32d0bebbf9e8fa
tree e04451f4f9994b300b890e5b394fcb6d417c9bdb
parent f338c2e0c2ce1e89cf8eba2d38878081f46b9dce
Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
crypto/srp/srp_lib.c
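
The kind of range check the commit message describes, as an added illustration that is not OpenSSL's code: a value is compared against N before it is left-padded into a buffer sized by N's byte length. The function names, the big-endian byte-array representation (standing in for a bignum type), the N-sized buffer and the sample values in the test are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Significant byte count of a big-endian unsigned integer
   (leading zero bytes are not counted). */
static size_t be_sig_len(const unsigned char *v, size_t len)
{
    size_t i = 0;
    while (i < len && v[i] == 0)
        i++;
    return len - i;
}

/* Compare two big-endian unsigned integers.
   Returns <0, 0 or >0 in the manner of memcmp. Hypothetical helper. */
int be_ucmp(const unsigned char *a, size_t alen,
            const unsigned char *b, size_t blen)
{
    size_t as = be_sig_len(a, alen), bs = be_sig_len(b, blen);
    if (as != bs)
        return as < bs ? -1 : 1;
    return memcmp(a + (alen - as), b + (blen - bs), as);
}

/* Left-pad val to the byte length of N and write it to out.
   Returns 0 on success, -1 if val >= N or out cannot hold N's length.
   The range check runs before any byte is written, so a rejected
   value never touches the buffer. Hypothetical helper. */
int srp_pad_checked(unsigned char *out, size_t out_len,
                    const unsigned char *val, size_t val_len,
                    const unsigned char *n, size_t n_len)
{
    size_t nsig = be_sig_len(n, n_len);
    size_t vsig = be_sig_len(val, val_len);

    if (nsig == 0 || out_len < nsig)
        return -1;
    if (be_ucmp(val, val_len, n, n_len) >= 0)
        return -1;                      /* sanity check: val < N */
    memset(out, 0, nsig - vsig);        /* vsig <= nsig holds after the check */
    memcpy(out + (nsig - vsig), val + (val_len - vsig), vsig);
    return 0;
}
```

Without the comparison, a value with more significant bytes than N would make `nsig - vsig` wrap around and the copy would run past the end of `out`.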