summaryrefslogtreecommitdiffstats
path: root/src/crypto/x509/x509_vfy.c
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-23 16:20:13 -0700
committerAdam Langley <agl@google.com>2015-06-23 16:32:39 -0700
commit56d250321ea9dfa66ea9afa599f12c83a4147c86 (patch)
tree32f131cd6ff8f2c2db1ba6a533d0b2da3853f58d /src/crypto/x509/x509_vfy.c
parent0e6bb1c72014c26289d09f4deea9c25706be5824 (diff)
downloadexternal_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.zip
external_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.tar.gz
external_boringssl-56d250321ea9dfa66ea9afa599f12c83a4147c86.tar.bz2
Fixes for CVE-2015-1791.
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. This change cherry-picks the following BoringSSL changes: b31040d0 – Get rid of CERT_PKEY slots in SESS_CERT. fd67aa8c – Add SSL_SESSION_from_bytes. 95d31825 – Duplicate SSL_SESSIONs when renewing them. d65bb78c – Add SSL_initial_handshake_complete. 680ca961 – Preserve session->sess_cert on ticket renewal. Change-Id: I474065330842e4ab0066b2485c1489a50e4dfd5b
Diffstat (limited to 'src/crypto/x509/x509_vfy.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.1 at 2024-05-19 20:45:25 +0000