projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 897169f) | patch
Fix CVE-2014-0221
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 May 2014 12:00:45 +0000 (13:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jun 2014 15:30:23 +0000 (16:30 +0100)
commitde2422affbe24262496f477edeb1c04017907eb4
tree4b49610696a1841a99a7752bc4389e96c59a1ea7tree | snapshot
parent897169fdf06bf75b4d0c503d61abb45656dd90a6commit | diff
Fix CVE-2014-0221

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.