[OpenSSL-1.0.2] TNF local patch - SSLv3 crash null pointer violation by unchecked buffer initialization
original commit message:
http://mail-index.netbsd.org/source-changes/2010/04/09/msg008609.html
Comments (2)
-
reporter -
reporter - changed status to resolved
BUGFIX: Issue
- SSLv3 crash null pointer violation by unchecked buffer initialization#171cherry-picked from OpenSSL-1_0_2-stable branch: https://github.com/openssl/openssl/commit/348681ff2b30453eb03ce2d83022ef069d86877d
original commit message:
Fix issue #2113: - enable ssl3_init_finished_mac to return an error - don't continue the SSL state machine if that happens in ssl3_connect: - if ssl3_setup_buffer fails also set state to SSL_ST_ERR for consistency
Reviewed-by: Matt Caswell matt@openssl.org Reviewed-by: Richard Levitte levitte@openssl.org (Merged from https://github.com/openssl/openssl/pull/2130)
→ <<cset 12ed6e6820f17d598b3d751102313f6ac18d95dc>>
- Log in to comment
OpenSSL’s Issue Tracker:
https://rt.openssl.org/Ticket/Display.html?id=2214
https://github.com/openssl/openssl/issues/2113
https://github.com/openssl/openssl/pull/2130
N’s change is whack-a-mole fix, more reasonable fix is already merged to OpenSSL-1_0_2-stable:
https://github.com/openssl/openssl/commit/348681ff2b30453eb03ce2d83022ef069d86877d