Fix SRP ciphersuite DoS vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Tue, 29 Jul 2014 20:23:30 +0000 (21:23 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:27:51 +0000 (20:27 +0100)
commit 83764a989dcc87fbea337da5f8f86806fe767b7e
tree bf5920ae6f7efeaf53c12e900cf136b10717a718
parent 86788e1ee6908a5b3a4c95fa80caa4b724a8a434
Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/s3_clnt.c
ssl/ssl_lib.c
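
The defect class the commit message describes, as an added C example (not OpenSSL's code and not the change made in this commit): a client refuses a server-selected SRP suite when it holds no SRP parameters, before any code reads them. All type and function names are hypothetical; the suite IDs are sample values from RFC 5246 and RFC 5054.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified, hypothetical model of a TLS client; not OpenSSL's types. */
enum kx { KX_RSA, KX_SRP };
struct suite { uint16_t id; enum kx kx; };
struct srp_params { const char *login; };
struct client { const struct srp_params *srp; }; /* NULL: SRP never set up */
enum { HS_OK = 0, HS_UNKNOWN_SUITE = -1, HS_SUITE_NOT_ENABLED = -2 };

/* Suites the library can parse (IDs from RFC 5246 and RFC 5054). */
static const struct suite known[] = {
    { 0x002F, KX_RSA }, /* TLS_RSA_WITH_AES_128_CBC_SHA */
    { 0xC01D, KX_SRP }, /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */
};

/* Validate the suite id from a ServerHello before per-suite state is used.
 * Returns HS_OK and sets *out, or a negative code: abort the handshake. */
int select_suite(const struct client *c, uint16_t server_choice,
                 const struct suite **out)
{
    *out = NULL;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++) {
        if (known[i].id != server_choice)
            continue;
        /* An SRP suite is acceptable only when SRP parameters exist;
         * otherwise srp_login_len() below would read through NULL. */
        if (known[i].kx == KX_SRP && c->srp == NULL)
            return HS_SUITE_NOT_ENABLED;
        *out = &known[i];
        return HS_OK;
    }
    return HS_UNKNOWN_SUITE;
}

/* Per-suite use of client state; call only after select_suite() == HS_OK. */
size_t srp_login_len(const struct client *c, const struct suite *s)
{
    return s->kx == KX_SRP ? strlen(c->srp->login) : 0;
}

int main(void)
{
    struct client c = { NULL };  /* constructed: SRP not configured */
    const struct suite *s;
    /* Constructed ServerHello choice: an SRP suite, which must be refused. */
    return select_suite(&c, 0xC01D, &s) == HS_SUITE_NOT_ENABLED ? 0 : 1;
}
```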