summaryrefslogtreecommitdiffstats
path: root/linux-x86_64
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-23 16:23:41 -0700
committerAdam Langley <agl@google.com>2015-06-23 16:32:43 -0700
commit98856d4b9dc1a59a576816dbb097aa9d9e6de47a (patch)
tree0f4a55cb8f17a8aa1ea17dfd39095e333fc3f532 /linux-x86_64
parent56d250321ea9dfa66ea9afa599f12c83a4147c86 (diff)
downloadexternal_boringssl-98856d4b9dc1a59a576816dbb097aa9d9e6de47a.zip
external_boringssl-98856d4b9dc1a59a576816dbb097aa9d9e6de47a.tar.gz
external_boringssl-98856d4b9dc1a59a576816dbb097aa9d9e6de47a.tar.bz2
Fix for CVE-2015-1789.
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. This change cherry-picks the following changes from BoringSSL: d87021d2 – Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Change-Id: Ia7d0c5d889f61a3c4be6ea79a5ab41f67bc3c65c
Diffstat (limited to 'linux-x86_64')
0 files changed, 0 insertions, 0 deletions