projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3978429) | patch
Sanity check record length before skipping explicit IV in DTLS
authorDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 14:33:11 +0000 (14:33 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 14:33:11 +0000 (14:33 +0000)
commit36dd4cba3dfa87aebd59d10c844fdda3a31b89db
tree2d1edd5b93a10cc5241b95ac4b1a5845449d299dtree | snapshot
parent3978429ad5a07907eae59ff9d20fba117208ef23commit | diff
Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
CHANGES diff | blob | history
ssl/d1_enc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.