projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 712d523) | patch
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
authorDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 16:03:36 +0000 (16:03 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 10 May 2012 16:03:36 +0000 (16:03 +0000)
commite7c8483891eb3e0a644cda87ccbff5184072aeb6
tree15a4bb094c686a27c6f3f8bba15724c8da97915ftree | snapshot
parent712d523484c3dbe384fb6699ea228b8aef7723e9commit | diff
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
CHANGES diff | blob | history
ssl/d1_enc.c diff | blob | history
ssl/t1_enc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.