projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 88ae012) | patch
Fix OID handling:
authorEmilia Kasper <emilia@openssl.org>
Wed, 2 Jul 2014 17:02:33 +0000 (19:02 +0200)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:27:51 +0000 (20:27 +0100)
commit03b04ddac162c7b7fa3c57eadccc5a583a00d291
treecbc71102544459722fde936940f3b05c018b7614tree | snapshot
parent88ae012c8092852f03c50f6461175271104b4c8acommit | diff
Fix OID handling:

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/asn1/a_object.c diff | blob | history
crypto/objects/obj_dat.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.