Hi!
Looking at the CVE-2015-0292 fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9febee0272
the added (eof > v) check seems somewhat suspicious. While it prevents
integer underflow that causes out of bounds memcpy(), it still allows
some messing with output via proper number
On Wed, 18 Dec 2013 23:42:08 +0100 Stephen Henson via RT wrote:
Many thanks for that info. I think I've traced the cause of the thing
now with that clue. It might have security implications (DoS only
though) so I'll keep any further details off the public mailing lists.
This is now covered by
Fixed in 1.0.1f and 1.0.0l:
http://www.openssl.org/news/vulnerabilities.html#2013-6450
th.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Thu, 31 May 2012 20:41:21 +0200 (CEST) David Anthony via RT wrote:
There has been a new security vulnerability we have reported over at
Bugtraq (http://seclists.org/bugtraq/2012/May/155) and we feel that it
should also be reported to the OpenSSL dev team. If there are any
questions
Hi!
SSL_CTX_new currently contains:
    /* Setup RFC4507 ticket keys */
    if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
        || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
        || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
        ret->options |= SSL_OP_NO_TICKET;