projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53c6cbf) | patch
chacha20/poly1305: make sure to clear the buffer at correct position
authorRichard Levitte <levitte@openssl.org>
Fri, 4 Nov 2016 13:21:46 +0000 (14:21 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 10 Nov 2016 13:04:05 +0000 (13:04 +0000)
commit99d97842ddb5fbbbfb5e9820a64ebd19afe569f6
treeb7c0b1f303044192ea3da585dcfc9489c20a4d68tree | snapshot
parent53c6cbf6e9a6e4fe2433a89bf3c970355dd1e29acommit | diff
chacha20/poly1305: make sure to clear the buffer at correct position

The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae)
crypto/evp/e_chacha20_poly1305.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.