Fix SRP buffer overrun vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Thu, 31 Jul 2014 19:56:22 +0000 (20:56 +0100)
committer Janusz Kozerski <j.kozerski@samsung.com>
Mon, 20 Oct 2014 13:25:33 +0000 (15:25 +0200)
commit fc32ae1c2c0c5b0ee975e2a20360b2e75f519e7b
tree d3fe99167724b0a0ff2c032d6186cc794a808b8c
parent ba46e724eb1e0dc190edece2a86240da16b40c0d
Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
crypto/srp/srp_lib.c
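
The kind of range check the commit message describes, as an added example that is not the OpenSSL code (the patch itself is not shown on this page). It assumes parameters arrive as big-endian byte strings and that the internal buffer holds a value padded to the length of N; `be_ucmp`, `pad_to_modulus`, `SRP_BUF_MAX` and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SRP_BUF_MAX 8 /* hypothetical buffer size; real moduli are far larger */

/* Constructed sample values, not real SRP group parameters. */
static const unsigned char SAMPLE_N[]   = { 0x00, 0xC7, 0x35, 0x2B };
static const unsigned char SAMPLE_OK[]  = { 0x12, 0x34 };
static const unsigned char SAMPLE_BIG[] = { 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Compare two unsigned big-endian integers, ignoring leading zero bytes.
 * Returns <0, 0 or >0 like memcmp. */
static int be_ucmp(const unsigned char *a, size_t alen,
                   const unsigned char *b, size_t blen)
{
    while (alen > 0 && *a == 0) { a++; alen--; }
    while (blen > 0 && *b == 0) { b++; blen--; }
    if (alen != blen)
        return alen > blen ? 1 : -1;
    return alen ? memcmp(a, b, alen) : 0;
}

/* Write v, left-padded with zeros to nlen bytes (the length of N), into out.
 * Returns 0 on success, -1 if v >= N or N does not fit the buffer.
 * The v < N check is what guarantees v fits in the nlen-byte field. */
static int pad_to_modulus(unsigned char out[SRP_BUF_MAX],
                          const unsigned char *v, size_t vlen,
                          const unsigned char *n, size_t nlen)
{
    if (v == NULL || n == NULL || nlen == 0 || nlen > SRP_BUF_MAX)
        return -1;
    if (be_ucmp(v, vlen, n, nlen) >= 0)          /* sanity check: v < N */
        return -1;
    while (vlen > 0 && *v == 0) { v++; vlen--; } /* now vlen <= nlen */
    memset(out, 0, nlen - vlen);
    memcpy(out + (nlen - vlen), v, vlen);
    return 0;
}

int main(void)
{
    unsigned char buf[SRP_BUF_MAX];
    printf("in range:  %d\n", pad_to_modulus(buf, SAMPLE_OK, sizeof SAMPLE_OK,
                                             SAMPLE_N, sizeof SAMPLE_N));
    printf("too large: %d\n", pad_to_modulus(buf, SAMPLE_BIG, sizeof SAMPLE_BIG,
                                             SAMPLE_N, sizeof SAMPLE_N));
    return 0;
}
```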