diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-04-06 00:51:06 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-04-07 17:53:31 +0100 |
commit | 96db9023b881d7cd9f379b0c154650d6c108e9a3 (patch) | |
tree | 68130b178f4f957d1505b5cd666ee51b1254c36a /include | |
parent | 0d7717fc9c83dafab8153cbd5e2180e6e04cc802 (diff) | |
download | openssl-new-96db9023b881d7cd9f379b0c154650d6c108e9a3.tar.gz |
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions