CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2014/06/05 11:53:02
Modified files:
lib/libssl/src/ssl: d1_both.c
Log message:
Do not recurse when a 'Hello Request' message is received while getting
DTLS fragments. A stream of 'Hello Request' messages will result in
infinite recursion, eventually crashing the DTLS client or server.
Fixes CVE-2014-0221, from OpenSSL.
Reported to OpenSSL by Imre Rad.
