projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b29ffa3) | patch
Add PSS parameter check.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 2 Oct 2015 12:10:29 +0000 (13:10 +0100)
committerRichard Levitte <levitte@openssl.org>
Thu, 3 Dec 2015 12:45:13 +0000 (13:45 +0100)
commitd8541d7e9e63bf5f343af24644046c8d96498c17
tree43aed4aaccaa13d265cb7b184d3e87f8f082a525tree | snapshot
parentb29ffa392e839d05171206523e84909146f7a77ccommit | diff
Add PSS parameter check.

Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/rsa/rsa_ameth.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.