fix a bug in ssl_next_proto_validate (ssl/t1_lib.c) [GitHub PR #506]

Kazuki Yamaguchi k at rhe.jp
Sat Dec 12 16:11:40 UTC 2015

Previous message: [patch] OpenSSL 1.1.0 fails when configure with no-nextproto
Next message: Isses with respect to malloc failures handling.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

By commit 50932c4af2fdd1da01203e9fabe176f9c106882b, 
ssl_next_proto_validate (in ssl/t1_lib.c) is not validating the length 
of each advertised protocol name.

GitHub Pull Request: https://github.com/openssl/openssl/pull/506

-- 
Kazuki Yamaguchi <k at rhe.jp>

Previous message: [patch] OpenSSL 1.1.0 fails when configure with no-nextproto
Next message: Isses with respect to malloc failures handling.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssl-bugs-mod mailing list