commit | 895780572b7895784ed7088248ecb2ed5dd0c97a | [log] [tgz] |
---|---|---|
author | Adam Langley <agl@chromium.org> | Fri Jun 20 12:00:00 2014 -0700 |
committer | Adam Langley <agl@chromium.org> | Fri Jun 20 13:17:41 2014 -0700 |
tree | db55066e75ae532e638524a8c99968d0d40600d7 | |
parent | d06eddd15cc94023a9a3fedf7b1c28aabf159e4d [diff] |
Fix CVE-2014-0221 Unnecessary recursion when receiving a DTLS hello request can be used to crash a DTLS client. Fixed by handling DTLS hello request without recursion. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. (Imported from upstream's 8942b92c7cb5fa144bd79b7607b459d0b777164c)