projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Stop PKCS7_verify() core dumping with unknown public
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index c5cd00a9bc0c241fe7bec7697b1c18c9a0004ae6..a83e26c9f7b2f502b4a47f4f6756b8dbdc306332 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
   *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
      OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
      ID to be generated from the issuer certificate alone which can then be
Unnamed repository; edit this file 'description' to name the repository.