diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-01-24 13:30:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-01-29 16:49:24 +0000 |
commit | 62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 (patch) | |
tree | 15fb8fedf8e52fb1f7e2d8f0b1a790911a91ce54 /CHANGES | |
parent | 014265eb02e26f35c8db58e2ccbf100b0b2f0072 (diff) |
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -4,6 +4,10 @@ Changes between 1.0.1c and 1.0.1d [xx XXX xxxx] + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + *) Make openssl verify return errors. [Chris Palmer <palmer@google.com> and Ben Laurie] |