Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
author: Dr. Stephen Henson <steve@openssl.org> 2014-04-06 00:51:06 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-04-07 19:44:38 +0100
commit: 731f431497f463f3a2a97236fe0187b11c44aead (patch)
tree: 1740eb9099bdb2e120c6d9fbfd10572d58a6f436 /CHANGES
parent: 4e6c12f3088d3ee5747ec9e16d03fc671b8f40be (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index be2212db7b..87333bfcc9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
   *) Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
author	Dr. Stephen Henson <steve@openssl.org>	2014-04-06 00:51:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-04-07 19:44:38 +0100
commit	731f431497f463f3a2a97236fe0187b11c44aead (patch)
tree	1740eb9099bdb2e120c6d9fbfd10572d58a6f436 /CHANGES
parent	4e6c12f3088d3ee5747ec9e16d03fc671b8f40be (diff)