openssl

History

Guy Leaver (guleaver) 61e72d761c Fix seg fault with 0 p val in SKE If a client receives a ServerKeyExchange for an anon DH ciphersuite with the value of p set to 0 then a seg fault can occur. This commits adds a test to reject p, g and pub key parameters that have a 0 value (in accordance with RFC 5246) The security vulnerability only affects master and 1.0.2, but the fix is additionally applied to 1.0.1 for additional confidence. CVE-2015-1794 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-11 19:57:01 +01:00
..
internal	Identify and move OpenSSL internal header files	2015-05-14 15:13:49 +02:00
openssl	Fix seg fault with 0 p val in SKE	2015-08-11 19:57:01 +01:00

Guy Leaver (guleaver) 61e72d761c Fix seg fault with 0 p val in SKE

If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

2015-08-11 19:57:01 +01:00

internal

Identify and move OpenSSL internal header files

2015-05-14 15:13:49 +02:00

openssl

Fix seg fault with 0 p val in SKE

2015-08-11 19:57:01 +01:00