projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 77c77f0) | patch
Fix Seg fault in DTLSv1_listen
authorMatt Caswell <matt@openssl.org>
Mon, 9 Mar 2015 16:09:04 +0000 (16:09 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 11:11:22 +0000 (11:11 +0000)
commit819418110b6fff4a7b96f01a5d68f71df3e3b736
tree14848aa0ae4588076ab7791684d27b186cacb0dftree | snapshot
parent77c77f0a1b9f15b869ca3342186dfbedd1119d0ecommit | diff
Fix Seg fault in DTLSv1_listen

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next that can lead to a segmentation fault. Erorrs processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
server.

CVE-2015-0207

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/d1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.