generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add PSS parameter check.

Browse Source 
Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2015-10-02 12:35:19 +01:00
committed by Matt Caswell
parent d73cc256c8
commit c394a48894
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/rsa/rsa_ameth.c
View File

@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
{ {
const unsigned char *p; const unsigned char *p;
int plen; int plen;
if (alg == NULL) if (alg == NULL || alg->parameter == NULL)
return NULL; return NULL;
if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
return NULL; return NULL;