projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 92f9a8b) | patch
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
authorEmilia Kasper <emilia@openssl.org>
Wed, 8 Apr 2015 14:56:43 +0000 (16:56 +0200)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 11 Jun 2015 12:07:49 +0000 (13:07 +0100)
commitfa57f74a3941db6b2efb2f43c6add914ec83db20
tree47325a5f5d77e5c1ff0fbf2254a54a39edfb284atree | snapshot
parent92f9a8bf3844359bb50d86dab92bc24b074d350dcommit | diff
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.