projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d73cc25) | patch
Add PSS parameter check.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 2 Oct 2015 11:35:19 +0000 (12:35 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 3 Dec 2015 14:32:05 +0000 (14:32 +0000)
commitc394a488942387246653833359a5c94b5832674e
tree5db97698a22d6e6c4753236e1311d067c18a93a9tree | snapshot
parentd73cc256c8e256c32ed959456101b73ba9842f72commit | diff
Add PSS parameter check.

Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/rsa/rsa_ameth.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.