Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
openssl
openssl-CVE-2015-0286.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2015-0286.patch of Package openssl
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Mar 9 23:11:45 2015 +0000 Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org> Index: openssl-1.0.1i/crypto/asn1/a_type.c =================================================================== --- openssl-1.0.1i.orig/crypto/asn1/a_type.c 2015-03-17 14:15:18.832332902 +0100 +++ openssl-1.0.1i/crypto/asn1/a_type.c 2015-03-17 14:15:19.738346161 +0100 @@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor