projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9fd3555) | patch
Fix OID handling:
authorEmilia Kasper <emilia@openssl.org>
Wed, 2 Jul 2014 17:02:33 +0000 (19:02 +0200)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 20:30:39 +0000 (21:30 +0100)
commit57b0c4697a3388706b6746dc16d053787aa5cac0
treece7967cb7db016adfff0cb0d5d7e1e8b4548e2ddtree | snapshot
parent9fd35553053c17ef2815fd30832e7efd77250567commit | diff
Fix OID handling:

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/asn1/a_object.c diff | blob | history
crypto/objects/obj_dat.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.