projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d7717f) | patch
Add heartbeat extension bounds check.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 5 Apr 2014 23:51:06 +0000 (00:51 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 7 Apr 2014 16:53:31 +0000 (17:53 +0100)
commit96db9023b881d7cd9f379b0c154650d6c108e9a3
tree68130b178f4f957d1505b5cd666ee51b1254c36atree | snapshot
parent0d7717fc9c83dafab8153cbd5e2180e6e04cc802commit | diff
Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
CHANGES diff | blob | history
ssl/d1_both.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.