author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-31 20:56:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-08-06 20:27:51 +0100 |
commit | 966fe81f9befbff62522a158006fb03050a868df (patch) | |
tree | 64fb9e1bc66161ac030ff958465eacc77ac4a721 /ssl/ssl_locl.h | |
parent | 83764a989dcc87fbea337da5f8f86806fe767b7e (diff) |
Fix SRP buffer overrun vulnerability.
Invalid parameters passed to the SRP code can overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'ssl/ssl_locl.h')
0 files changed, 0 insertions, 0 deletions