projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5f7065) | patch
Fix CVE-2014-0221
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 May 2014 12:00:45 +0000 (13:00 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 5 Jun 2014 12:24:36 +0000 (13:24 +0100)
commit8942b92c7cb5fa144bd79b7607b459d0b777164c
treec5083db48385767c9df2103fda66422d2c939e0atree | snapshot
parente5f706590c7b1f19ca34415593aebdb6cbef355bcommit | diff
Fix CVE-2014-0221

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
ssl/d1_both.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.