projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c81f169) | patch
Go into the error state if a fatal alert is sent or received
authorMatt Caswell <matt@openssl.org>
Fri, 14 Dec 2018 07:28:30 +0000 (07:28 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 26 Feb 2019 14:13:05 +0000 (14:13 +0000)
commite9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
tree14095c31fe4bf12dcb43fd7d5b39aec66a9a71a4tree | snapshot
parentc81f16952bca7793074ac926b17aed3364db2c84commit | diff
Go into the error state if a fatal alert is sent or received

If an application calls SSL_shutdown after a fatal alert has occured and
then behaves different based on error codes from that function then the
application may be vulnerable to a padding oracle.

CVE-2019-1559

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/d1_pkt.c diff | blob | history
ssl/s3_pkt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.