projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4b22cce) | patch
Fix for CVE-2015-0291
authorDr. Stephen Henson <steve@openssl.org>
Tue, 3 Mar 2015 13:20:57 +0000 (13:20 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 12:58:35 +0000 (12:58 +0000)
commit76343947ada960b6269090638f5391068daee88d
tree020aa94395f96caa9efa308238ef175033477234tree | snapshot
parent4b22cce3812052fe64fc3f6d58d8cc884e3cb834commit | diff
Fix for CVE-2015-0291

If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.

Thanks to David Ramos of Stanford University for reporting this bug.

CVE-2015-0291

Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/t1_lib.c
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.