Fix for CVE-2015-0291
If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.
Thanks to David Ramos of Stanford University for reporting this bug.
CVE-2015-0291
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/t1_lib.c
parent
4b22cce3
Please register or sign in to comment