projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5362db) | patch
Fix CVE-2014-0221
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 May 2014 12:00:45 +0000 (13:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 5 Jun 2014 12:22:03 +0000 (13:22 +0100)
commitb4322e1de8be66ff230e26999b766ca1a42f9476
tree7c52d81aae19b471d5723a13f933cc9d669229fetree | snapshot
parenta5362db4603910b1bb978163e0e7dc8890727300commit | diff
Fix CVE-2014-0221

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.