projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1e4406a) | patch
Sanity check record length before skipping explicit IV in DTLS
authorDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 14:44:20 +0000 (14:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 14:44:20 +0000 (14:44 +0000)
commita969ca5cc81ad49fe2457b3b951d367e7bc726b7
treee945c96d8d87450d7522207e4ba2a344ccd62f81tree | snapshot
parent1e4406a854c4fb1f18b1332cbd17bc8c3c6ec2cdcommit | diff
Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
CHANGES diff | blob | history
ssl/d1_enc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.