[OpenSSL-1.0.2] TNF local patch - SSLv3 crash null pointer violation by unchecked buffer initialization

Comments (2)

1. 

   Takehiko NOZAKI reporter

   OpenSSL’s Issue Tracker:

   https://rt.openssl.org/Ticket/Display.html?id=2214

   https://github.com/openssl/openssl/issues/2113

   https://github.com/openssl/openssl/pull/2130

   N’s change is whack-a-mole fix, more reasonable fix is already merged to OpenSSL-1_0_2-stable:

   https://github.com/openssl/openssl/commit/348681ff2b30453eb03ce2d83022ef069d86877d

   • 2019-07-09T08:02:40+00:00
2. 

   Takehiko NOZAKI reporter

   • changed status to resolved

   BUGFIX: Issue #171 - SSLv3 crash null pointer violation by unchecked buffer initialization

   cherry-picked from OpenSSL-1_0_2-stable branch: https://github.com/openssl/openssl/commit/348681ff2b30453eb03ce2d83022ef069d86877d

   original commit message:

   Fix issue #2113: - enable ssl3_init_finished_mac to return an error - don't continue the SSL state machine if that happens in ssl3_connect: - if ssl3_setup_buffer fails also set state to SSL_ST_ERR for consistency

   Reviewed-by: Matt Caswell matt@openssl.org Reviewed-by: Richard Levitte levitte@openssl.org (Merged from https://github.com/openssl/openssl/pull/2130)

   → <<cset 12ed6e6820f17d598b3d751102313f6ac18d95dc>>

   • 2019-07-09T08:51:15+00:00
3. Log in to comment