Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2015-3194.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2015-3194.patch of Package openssl1
From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" <steve@openssl.org> Date: Fri, 2 Oct 2015 13:10:29 +0100 Subject: [PATCH] Add PSS parameter check. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Matt Caswell <matt@openssl.org> --- crypto/rsa/rsa_ameth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1i/crypto/rsa/rsa_ameth.c =================================================================== --- openssl-1.0.1i.orig/crypto/rsa/rsa_ameth.c 2015-12-03 17:56:38.292632624 +0100 +++ openssl-1.0.1i/crypto/rsa/rsa_ameth.c 2015-12-03 17:58:11.106130819 +0100 @@ -287,7 +287,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(co { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length;