projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4e6c12f) | patch
Add heartbeat extension bounds check.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 5 Apr 2014 23:51:06 +0000 (00:51 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 7 Apr 2014 18:44:38 +0000 (19:44 +0100)
commit731f431497f463f3a2a97236fe0187b11c44aead
tree1740eb9099bdb2e120c6d9fbfd10572d58a6f436tree | snapshot
parent4e6c12f3088d3ee5747ec9e16d03fc671b8f40becommit | diff
Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
CHANGES diff | blob | history
ssl/d1_both.c diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.