projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 058f12b) | patch
Sanity check the ticket length before using key name/IV
authorMatt Caswell <matt@openssl.org>
Tue, 20 Feb 2018 10:20:20 +0000 (10:20 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Feb 2018 11:22:52 +0000 (11:22 +0000)
commit5a19f9ea7a27453d67c09160a8c806e644e844e7
tree2e60780564962f845be0fbf16bd8ef6306ce39aetree | snapshot
parent058f12b7266a21f04893e88d8240b81e7c51fcd5commit | diff
Sanity check the ticket length before using key name/IV

This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5415)
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.