Go into the error state if a fatal alert is sent or received (e9bbefbf) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit e9bbefbf authored Dec 14, 2018 by

Matt Caswell

Go into the error state if a fatal alert is sent or received



If an application calls SSL_shutdown after a fatal alert has occured and
then behaves different based on error codes from that function then the
application may be vulnerable to a padding oracle.

CVE-2019-1559

Reviewed-by: Richard Levitte <levitte@openssl.org>

parent c81f1695

Hide whitespace changes

Inline Side-by-side

Please register or to comment