projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d7d0ed) | patch
Fix OID handling:
authorEmilia Kasper <emilia@openssl.org>
Wed, 2 Jul 2014 17:02:33 +0000 (19:02 +0200)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:41:24 +0000 (20:41 +0100)
commitc01618dd822cc724c05eeb52455874ad068ec6a5
treee7e8807423daa9c2d5a2240bfdbc94e6a477606dtree | snapshot
parent1d7d0ed9c21403d79d602b6c7d76fdecf5e737dacommit | diff
Fix OID handling:

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/asn1/a_object.c diff | blob | history
crypto/objects/obj_dat.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.