CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2014/11/27 09:03:03

Modified files:
    lib/libssl/src/ssl: d1_clnt.c

Log message:
Avoid a NULL dereference in the DTLS client that can be triggered by a
crafted server response used in conjunction with an anonymous DH or
anonymous ECDH ciphersuite.

Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@