[openssl-dev] [openssl.org #3124] potential bug in ssl/s3_cbc.c

Emilia Käsper via RT rt at openssl.org
Thu Sep 10 21:30:52 UTC 2015

Previous message: [openssl-dev] [openssl.org #2524] openssl 1.0.0d bug report/ query
Next message: [openssl-dev] [openssl.org #2464] [PATCH] Experimental TLS-RSA-PSK support for OpenSSL
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the is_sslv3 case, the header length is recomputed to be large enough.

I also note that we've recently added a sanity check to make this explicit, see
commit
29b0a15a480626544dd0c803d5de671552544de6

Sorry that we didn't acknowledge your report!

Cheers,
Emilia

Previous message: [openssl-dev] [openssl.org #2524] openssl 1.0.0d bug report/ query
Next message: [openssl-dev] [openssl.org #2464] [PATCH] Experimental TLS-RSA-PSK support for OpenSSL
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssl-dev mailing list