Commit 8d038a08 authored by Dr. Stephen Henson

The fix for CVE-2012-2110 did not take into account that the
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
parent 747c6ffd
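
The condition the commit message describes, shown as an added example: a simplified model written for this page, not OpenSSL source and not the committed patch. The names `model_buf`, `model_grow` and `length_after`, the `GROW_LIMIT` value, and the assumption that the earlier check was an upper bound only are all illustrative.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on growth; the value is illustrative. */
#define GROW_LIMIT 0x5ffffffc

/* Simplified model of a growable buffer with signed bookkeeping. */
struct model_buf { int length; int max; char *data; };

/* Returns the new length, or 0 on failure. With reject_negative == 0 only
 * the upper bound is tested, which a negative int len always satisfies. */
static int model_grow(struct model_buf *b, int len, int reject_negative)
{
    char *p;
    int n;

    if (reject_negative && len < 0)
        return 0;                   /* the added check: refuse negative len */
    if (len > GROW_LIMIT)
        return 0;                   /* upper bound only; negative len passes */
    if (b->length >= len) {         /* "shrink" path, also taken when len < 0 */
        b->length = len;            /* a negative value lands in the struct */
        return len;                 /* nonzero, so callers see success */
    }
    if (b->max < len) {
        n = (len + 3) / 3 * 4;      /* no overflow: 0 < len <= GROW_LIMIT */
        p = realloc(b->data, (size_t)n);
        if (p == NULL)
            return 0;
        b->data = p;
        b->max = n;
    }
    memset(b->data + b->length, 0, (size_t)(len - b->length));
    b->length = len;
    return len;
}

/* Runs one request against a fresh buffer and reports the stored length. */
static int length_after(int len, int reject_negative)
{
    struct model_buf b = { 0, 0, NULL };
    model_grow(&b, len, reject_negative);
    free(b.data);
    return b.length;
}

int main(void) { return length_after(-1, 1) == 0 ? 0 : 1; }
```

In the model, a negative request without the sign check leaves a negative length in the structure and reports success; with the check the buffer is left untouched.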