Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
openssl
openssl-CVE-2015-3194.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2015-3194.patch of Package openssl
From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" <steve@openssl.org> Date: Fri, 2 Oct 2015 13:10:29 +0100 Subject: [PATCH] Add PSS parameter check. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Matt Caswell <matt@openssl.org> --- crypto/rsa/rsa_ameth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1i/crypto/rsa/rsa_ameth.c =================================================================== --- openssl-1.0.1i.orig/crypto/rsa/rsa_ameth.c 2015-12-03 17:56:38.292632624 +0100 +++ openssl-1.0.1i/crypto/rsa/rsa_ameth.c 2015-12-03 17:58:11.106130819 +0100 @@ -287,7 +287,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(co { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor