commit | bed2214b3ee623f0b817fddb1042f9b0d8735243 | |
---|---|---|
author | Adam Langley <agl@chromium.org> | Fri Jun 20 12:00:00 2014 -0700 |
committer | Adam Langley <agl@chromium.org> | Fri Jun 20 13:17:41 2014 -0700 |
tree | 475f721c2baf9880bcf2048ba6832649a423b5a3 | |
parent | ce7f9caa98fc62afd5fc40c0f13bc51bef2e7fa1 | |

Fix for CVE-2014-0195

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.

(Imported from upstream's eb6508d50c9a314b88ac155bd378cbd79a117c92)
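
One form a fragment consistency check like the one this commit message describes can take, as an added example that is not OpenSSL's or this commit's code: a simplified reassembly model in which every fragment of a message must claim the same total length the buffer was sized for. The struct and function names, the `MAX_MSG_LEN` cap and the sample values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSG_LEN 16384 /* constructed cap for this example */
struct frag_hdr {    /* fields in every DTLS handshake fragment header */
    size_t msg_len;  /* total message length claimed by this fragment */
    size_t frag_off; /* offset of this fragment within the message */
    size_t frag_len; /* payload bytes in this fragment */
};
struct reasm {      /* one message being reassembled (hypothetical model) */
    size_t msg_len; /* length the buffer was sized for */
    uint8_t *buf;   /* allocated when the first fragment arrives */
};

/* Returns 0 if the fragment was copied in, -1 if it was rejected. */
int reasm_add(struct reasm *r, const struct frag_hdr *h, const uint8_t *data)
{
    /* The fragment must fit inside the message its own header describes. */
    if (h->msg_len > MAX_MSG_LEN || h->frag_off > h->msg_len ||
        h->frag_len > h->msg_len - h->frag_off)
        return -1;
    if (r->buf == NULL) {
        /* The first fragment fixes the buffer size. */
        r->buf = calloc(1, h->msg_len ? h->msg_len : 1);
        if (r->buf == NULL)
            return -1;
        r->msg_len = h->msg_len;
    } else if (h->msg_len != r->msg_len) {
        /* Consistency check: a later fragment claiming a different total
         * length would pass the test above yet index past r->buf. */
        return -1;
    }
    if (h->frag_len > 0)
        memcpy(r->buf + h->frag_off, data, h->frag_len);
    return 0;
}

int main(void)
{
    uint8_t payload[64] = {0}; /* constructed sample data */
    struct reasm r = {0, NULL};
    struct frag_hdr first = {16, 0, 8}, mismatched = {64, 16, 48};
    printf("first: %d\n", reasm_add(&r, &first, payload));
    printf("mismatched: %d\n", reasm_add(&r, &mismatched, payload));
    free(r.buf);
    return 0;
}
```

The per-fragment bounds test alone is not sufficient, because it validates each fragment against its own header rather than against the allocation made for the first fragment.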