Sanity check the ticket length before using key name/IV (cb750375) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit cb750375 authored Feb 20, 2018 by

Matt Caswell

Sanity check the ticket length before using key name/IV



This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5417)

parent 773da093

Hide whitespace changes

Inline Side-by-side

Please register or to comment