Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160)
author: Dr. Stephen Henson <steve@openssl.org> 2014-04-06 00:51:06 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-04-07 17:53:31 +0100
commit: 96db9023b881d7cd9f379b0c154650d6c108e9a3 (patch)
tree: 68130b178f4f957d1505b5cd666ee51b1254c36a /CHANGES
parent: 0d7717fc9c83dafab8153cbd5e2180e6e04cc802 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0484456775..08abe8ddf9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 1.0.1f and 1.0.1g [xx XXX xxxx]
 
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
   *) Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
author	Dr. Stephen Henson <steve@openssl.org>	2014-04-06 00:51:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-04-07 17:53:31 +0100
commit	96db9023b881d7cd9f379b0c154650d6c108e9a3 (patch)
tree	68130b178f4f957d1505b5cd666ee51b1254c36a /CHANGES
parent	0d7717fc9c83dafab8153cbd5e2180e6e04cc802 (diff)