projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f15a7e3) | patch
Add some sanity checks when checking CRL scores
authorMatt Caswell <matt@openssl.org>
Mon, 22 Aug 2016 23:01:57 +0000 (00:01 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 26 Sep 2016 08:19:50 +0000 (09:19 +0100)
commit6e629b5be45face20b4ca71c4fcbfed78b864a2e
tree414687e7ad3c9d6020a99db24d710646a4a81f92tree | snapshot
parentf15a7e39a1f7d41716ca5f07faef74f55147d2cfcommit | diff
Add some sanity checks when checking CRL scores

Note: this was accidentally omitted from OpenSSL 1.0.2 branch.
Without this fix any attempt to use CRLs will crash.

CVE-2016-7052

Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.