CVS: cvs.openbsd.org: src

Stuart Henderson Thu, 05 Jun 2014 13:41:36 -0700

CVSROOT:        /cvs
Module name:    src
Changes by:     st...@cvs.openbsd.org   2014/06/05 14:38:41


Modified files:
        lib/libssl/src/ssl: Tag: OPENBSD_5_4 d1_both.c 

Log message:
MFC DTLS "Hello Request" fix (CVE-2014-0221)

"Do not recurse when a 'Hello Request' message is received while getting
DTLS fragments. A stream of 'Hello Request' messages will result in
infinite recursion, eventually crashing the DTLS client or server.
Fixes CVE-2014-0221, from OpenSSL.  Reported to OpenSSL by Imre Rad."
>From d1_both.c r1.20

CVS: cvs.openbsd.org: src

Reply via email to