From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
Subject: Add heartbeat extension bounds check.
X-Git-Tag: master-post-reformat~872
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=731f431497f463f3a2a97236fe0187b11c44aead;hp=731f431497f463f3a2a97236fe0187b11c44aead

Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
---