Fix SRP buffer overrun vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Thu, 31 Jul 2014 19:56:22 +0000 (20:56 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:36:41 +0000 (20:36 +0100)
commit 4a23b12a031860253b58d503f296377ca076427b
tree 23f11b15a67618d2cbb459d87dbc6de6ec51bb91
parent 80bd7b41b30af6ee96f519e629463583318de3b0
Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
crypto/srp/srp_lib.c
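
The kind of range check the commit message describes (a value must be smaller than N before it is written into a buffer sized for N), as an added example that is not OpenSSL's code. It assumes big-endian byte arrays instead of BIGNUMs; `be_trim`, `be_less_than` and `pad_to_modulus` are hypothetical names, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Skip leading zero bytes so the length reflects the magnitude. */
static size_t be_trim(const unsigned char **p, size_t len)
{
    while (len > 0 && **p == 0) { (*p)++; len--; }
    return len;
}

/* Return 1 if big-endian a < big-endian n, otherwise 0. */
int be_less_than(const unsigned char *a, size_t alen,
                 const unsigned char *n, size_t nlen)
{
    alen = be_trim(&a, alen);
    nlen = be_trim(&n, nlen);
    if (alen != nlen) return alen < nlen;
    return memcmp(a, n, nlen) < 0;
}

/* Left-pad x with zeros to the byte width of modulus n.
 * Returns the bytes written, or 0 if x >= n or out is too small.
 * Without the x < n check, (nlen - xlen) could wrap around as size_t. */
size_t pad_to_modulus(unsigned char *out, size_t out_len,
                      const unsigned char *x, size_t xlen,
                      const unsigned char *n, size_t nlen)
{
    if (!be_less_than(x, xlen, n, nlen)) return 0;   /* reject x >= N */
    xlen = be_trim(&x, xlen);
    nlen = be_trim(&n, nlen);
    if (out_len < nlen) return 0;
    memset(out, 0, nlen - xlen);                     /* safe: xlen <= nlen */
    memcpy(out + (nlen - xlen), x, xlen);
    return nlen;
}

int main(void)
{
    const unsigned char n[]   = { 0x00, 0xFF, 0xF1 };  /* constructed modulus */
    const unsigned char g[]   = { 0x02 };              /* constructed, g < N */
    const unsigned char bad[] = { 0x01, 0x00, 0x00 };  /* constructed, >= N */
    unsigned char out[8];
    printf("g:   %zu bytes\n", pad_to_modulus(out, sizeof out, g, sizeof g, n, sizeof n));
    printf("bad: %zu bytes\n", pad_to_modulus(out, sizeof out, bad, sizeof bad, n, sizeof n));
    return 0;
}
```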