diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-25 14:52:54 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-25 14:52:54 +0000 |
commit | bc7ee385f53f1308a98c2020bb322c74fb4ce082 (patch) | |
tree | f98ec75eda08b6e139dced48f8da963732c836ab /crypto | |
parent | 1e368ab08fccdb824cb91bd7765880de0dbf2ea8 (diff) | |
download | openssl-new-bc7ee385f53f1308a98c2020bb322c74fb4ce082.tar.gz |
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ocsp/ocsp_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 27450811d7..441ccb7a9e 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -169,14 +169,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); |