Fix SRP ciphersuite DoS vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Thu, 24 Jul 2014 23:50:06 +0000 (00:50 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:36:41 +0000 (20:36 +0100)
commit 80bd7b41b30af6ee96f519e629463583318de3b0
tree 827671d277fa089328058964009069671ead5157
parent fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/t1_lib.c