The fix for CVE-2012-2110 did not take into account that the
author    Dr. Stephen Henson <steve@openssl.org>
          Mon, 23 Apr 2012 20:35:55 +0000 (20:35 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
          Mon, 23 Apr 2012 20:35:55 +0000 (20:35 +0000)
commit    8d038a08fbd3eb4b2f0a5bf1987bb6689a2a943c
tree      745dfab31f4f0795f57458a58452d705a935524a
parent    747c6ffda45c00d0bf5ec0d375b68896c02ee770
The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
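A worked illustration of the signedness problem the commit message describes, added here and not part of the OpenSSL commit or its patch: a toy growable buffer with signed int length fields (mirroring the 0.9.8-era BUF_MEM layout the message refers to), a grow routine that checks only an upper size cap, and the same routine with the negative-length rejection the commit describes put in front of it. The struct, the function names and the cap value TOY_LIMIT are assumptions made for this example, not OpenSSL identifiers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy growable buffer. The signed int length/max mirror the 0.9.8-era
 * BUF_MEM layout the commit message refers to; everything else here is an
 * illustration written for this page, not OpenSSL's code. */
typedef struct {
    char *data;
    int length;   /* bytes in use */
    int max;      /* bytes allocated */
} toy_buf;

/* Upper cap on a requested size. The value is an assumption for this
 * example, standing in for the bound that the first CVE-2012-2110 fix checked. */
#define TOY_LIMIT 0x5ffffffc

static toy_buf toy_new(void) { toy_buf b = { NULL, 0, 0 }; return b; }
static void toy_free(toy_buf *b) { free(b->data); b->data = NULL; b->length = b->max = 0; }

/* "Before": only the upper bound is checked. Returns the new length, or -1
 * if the request was refused or allocation failed. Because length is a
 * signed int, any negative len satisfies b->length >= len and gets stored. */
static int toy_grow_before(toy_buf *b, int len) {
    if (len > TOY_LIMIT)
        return -1;
    if (b->length >= len) {         /* shrink (or, for negative len, corrupt) */
        b->length = len;
        return len;
    }
    if (b->max >= len) {            /* fits in the existing allocation */
        memset(b->data + b->length, 0, (size_t)(len - b->length));
        b->length = len;
        return len;
    }
    char *p = realloc(b->data, (size_t)len);   /* simplified: grow to exactly len */
    if (p == NULL)
        return -1;
    memset(p + b->length, 0, (size_t)(len - b->length));
    b->data = p;
    b->max = len;
    b->length = len;
    return len;
}

/* "After": reject a negative len before anything else, as the commit describes. */
static int toy_grow_after(toy_buf *b, int len) {
    if (len < 0)
        return -1;
    return toy_grow_before(b, len);
}

/* A negative int length turns into a huge size_t the moment it reaches a
 * memcpy or memset, which is why storing it at all is dangerous. */
static size_t as_copy_size(int length) { return (size_t)length; }

/* Scenario: grow to 16 bytes, then request length -5 from the unfixed
 * routine. Returns the length the buffer ends up holding. */
static int demo_before_accepts_negative(void) {
    toy_buf b = toy_new();
    if (toy_grow_before(&b, 16) != 16) { toy_free(&b); return -999; }
    toy_grow_before(&b, -5);
    int stored = b.length;
    toy_free(&b);
    return stored;
}

/* Same scenario against the fixed routine. Returns 1 if the negative
 * request was refused and the buffer's length is unchanged. */
static int demo_after_rejects_negative(void) {
    toy_buf b = toy_new();
    if (toy_grow_after(&b, 16) != 16) { toy_free(&b); return 0; }
    int rc = toy_grow_after(&b, -5);
    int ok = (rc == -1 && b.length == 16);
    toy_free(&b);
    return ok;
}

int main(void) {
    int stored = demo_before_accepts_negative();
    printf("unfixed grow stored length %d -> %zu bytes if used as a size\n",
           stored, as_copy_size(stored));
    printf("fixed grow refused the negative length: %s\n",
           demo_after_rejects_negative() ? "yes" : "no");
    return 0;
}
```

The upper-bound check alone is the shape of the first fix: it stops a very large positive request but says nothing about a negative one, which a length field that has wrapped in the caller can easily produce. With signed fields, the negative value is accepted as a shrink and stored, and the next consumer that converts it to size_t sees a value near SIZE_MAX. Checking len < 0 at the entry point closes that path regardless of how the caller computed the value.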
CHANGES
crypto/buffer/buffer.c