projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0cbaa2) | patch
Fix small OOB reads.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 17 Sep 2016 11:36:58 +0000 (12:36 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 Sep 2016 13:10:59 +0000 (14:10 +0100)
commitff553f837172ecb2b5c8eca257ec3c5619a4b299
treea1dc3fd69a71d90721f727fa78e535ab67b2f193tree | snapshot
parentd0cbaa2f3a36a3359ee979f0262f0ff514630509commit | diff
Fix small OOB reads.

In ssl3_get_client_certificate, ssl3_get_server_certificate and
ssl3_get_certificate_request check we have enough room
before reading a length.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.

CVE-2016-6306

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c diff | blob | history
ssl/s3_srvr.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.