[openssl-dev] [openssl.org #4395] OpenSSL doesn't reject out-of-context empty records
Matt Caswell via RT
rt at openssl.org
Tue Jun 7 21:11:05 UTC 2016
On Mon Mar 07 22:27:23 2016, davidben at google.com wrote:
> ssl3_get_record silently discards empty records without much context,
> which
> means OpenSSL will happily accept, e.g., empty app data records
> mid-handshake or empty records of bogus type. They get silently
> discarded
> and never returned to the caller, so this is harmless, just a little
> odd.
Fixed in commit 255cfeac. I also added a test for this in 4f0c475.
Thanks David. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4395
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list