projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 57389a3) | patch
Limit the number of KeyUpdate messages we can process
authorMatt Caswell <matt@openssl.org>
Mon, 13 Feb 2017 11:55:38 +0000 (11:55 +0000)
committerMatt Caswell <matt@openssl.org>
Fri, 17 Feb 2017 10:28:00 +0000 (10:28 +0000)
commit82f992cbe0db628879aae4bf3ddd95cfcb1098a5
treed2d18ff28dbe453e55ac3378e059cb53a1d7090ctree | snapshot
parent57389a3261075cc1266218742434aa749cf3733ecommit | diff
Limit the number of KeyUpdate messages we can process

Too many KeyUpdate message could be inicative of a problem (e.g. an
infinite KeyUpdate loop if the peer always responds to a KeyUpdate message
with an "update_requested" KeyUpdate response), or (conceivably) an attack.
Either way we limit the number of KeyUpdate messages we are prepared to
handle.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
include/openssl/ssl.h diff | blob | history
ssl/ssl_err.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
ssl/statem/statem_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.