projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7a47ad) | patch
Sanity check the ticket length before using key name/IV
authorMatt Caswell <matt@openssl.org>
Tue, 20 Feb 2018 10:20:20 +0000 (10:20 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Feb 2018 11:19:11 +0000 (11:19 +0000)
commitee763495250b29fd32cb4026f17678ba30a59342
tree1e1b16cb83733d283fa1342eb63c7549a1266471tree | snapshot
parentc7a47adca29e1ec761d639dd75336bb36ebf4a9bcommit | diff
Sanity check the ticket length before using key name/IV

This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5414)
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.