projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a489632) | patch
Add heartbeat extension bounds check.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 5 Apr 2014 23:51:06 +0000 (00:51 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 7 Apr 2014 18:25:34 +0000 (19:25 +0100)
commit7e840163c06c7692b796a93e3fa85a93136adbb2
tree67eeb65e9cae0d16b0b12be1d54d01d4c8a32780tree | snapshot
parenta4896327e3e8c692438f0a85306f207b84b767f0commit | diff
Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
CHANGES diff | blob | history
ssl/d1_both.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.