projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bff5319) | patch
Fix OID handling:
authorEmilia Kasper <emilia@openssl.org>
Wed, 2 Jul 2014 17:02:33 +0000 (19:02 +0200)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 21:02:00 +0000 (22:02 +0100)
commitb9a73f5481fb8d5aac535622759cb0f632f39914
treedb0d5fdff56a2563728fb7852c1d47902c9562b7tree | snapshot
parentbff5319d9038765f864ef06e2e3c766f5c01dbd7commit | diff
Fix OID handling:

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/asn1/a_object.c diff | blob | history
crypto/objects/obj_dat.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.