projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 773da09) | patch
Sanity check the ticket length before using key name/IV
authorMatt Caswell <matt@openssl.org>
Tue, 20 Feb 2018 10:20:20 +0000 (10:20 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Feb 2018 11:26:25 +0000 (11:26 +0000)
commitcb7503750efc02c64cdb7167dee692e47c44c6e9
tree2737ce63dcf6ff75fee1fa3cf141cd0cd47db5e8tree | snapshot
parent773da093b1b9a63ae9c94cae756848011686caa0commit | diff
Sanity check the ticket length before using key name/IV

This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5417)
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.