Skip to content
Commit d8541d7e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Richard Levitte
Browse files

Add PSS parameter check.



Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

CVE-2015-3194

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent b29ffa39
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment