projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 006cd70) | patch
Fix CVE-2014-0221
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 May 2014 12:00:45 +0000 (13:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 5 Jun 2014 08:04:27 +0000 (09:04 +0100)
commitd3152655d5319ce883c8e3ac4b99f8de4c59d846
tree20c416de4a94e74543c839bd8a4c3e550640ae33tree | snapshot
parent006cd7083f76ed5cb0d9a914857e9231ef1bc317commit | diff
Fix CVE-2014-0221

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.