bed2214 - platform/external/chromium_org/third_party/boringssl/src

commit	bed2214b3ee623f0b817fddb1042f9b0d8735243	[log] [tgz]
author	Adam Langley <agl@chromium.org>	Fri Jun 20 12:00:00 2014 -0700
committer	Adam Langley <agl@chromium.org>	Fri Jun 20 13:17:41 2014 -0700
tree	475f721c2baf9880bcf2048ba6832649a423b5a3
parent	ce7f9caa98fc62afd5fc40c0f13bc51bef2e7fa1 [diff]

Fix for CVE-2014-0195

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.

(Imported from upstream's eb6508d50c9a314b88ac155bd378cbd79a117c92)

ssl/d1_both.c[diff]

1 file changed

tree: 475f721c2baf9880bcf2048ba6832649a423b5a3

crypto/
doc/
include/
ssl/
tool/
util/
.clang-format
.gitignore
BUGS
BUILDING
CMakeLists.txt