[openssl.org #3361] [PATCH] inadequate buffer size in ssl3_send_certificate_request

2014-05-20 Thread David Ramos via RT
Hello,

Our UC-KLEE tool found an out-of-bounds write bug in ssl3_send_certificate_request (ssl/s3_srvr.c) caused by allocating an insufficiently large buffer. It appears that NETSCAPE_HANG_BUG is defined to append the 4-byte ServerDone message to the CertificateRequest message, but the necessa

[openssl.org #3361] [PATCH] inadequate buffer size in ssl3_send_certificate_request

2014-06-01 Thread Stephen Henson via RT
Patch applied, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org