git.openssl.org Git - openssl.git/commit

author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 24 Jul 2014 23:50:06 +0000 (00:50 +0100)
committer	Matt Caswell <matt@openssl.org>
	Wed, 6 Aug 2014 19:41:24 +0000 (20:41 +0100)
commit	f338c2e0c2ce1e89cf8eba2d38878081f46b9dce
tree	db100a18f5978eb3e4cfc80a5f840b948dad0ca8	tree \| snapshot
parent	92aa73bcbfad44f9dd7997ae51537ac5d7dc201e	commit \| diff

Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>

ssl/t1_lib.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom