projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83764a9) | patch
Fix SRP buffer overrun vulnerability.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 31 Jul 2014 19:56:22 +0000 (20:56 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:27:51 +0000 (20:27 +0100)
commit966fe81f9befbff62522a158006fb03050a868df
tree64fb9e1bc66161ac030ff958465eacc77ac4a721tree | snapshot
parent83764a989dcc87fbea337da5f8f86806fe767b7ecommit | diff
Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/srp/srp_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.