  1. Aug 24, 2016
  2. Aug 23, 2016
      Sanity check ticket length. · e97763c9
      Dr. Stephen Henson authored
      
      
      If a ticket callback changes the HMAC digest to SHA512 the existing
      sanity checks are not sufficient and an attacker could perform a DoS
      attack with a malformed ticket. Add additional checks based on
      HMAC size.
      
      Thanks to Shi Lei for reporting this bug.
      
      CVE-2016-6302
      
      Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
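
The kind of check the commit message describes, as an added example that is not code from this commit or from OpenSSL: a fixed minimum ticket length is compared with a check derived from the HMAC size in use. The ticket layout (key name, IV, encrypted state, HMAC tag), the 16-byte key name, the 48-byte fixed minimum and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed ticket layout: key name | IV | encrypted state | HMAC tag. */
#define KEY_NAME_LEN   16u /* assumption: fixed-size key name */
#define LEGACY_MIN_LEN 48u /* assumption: fixed minimum sized for a short tag */

/* Fixed-minimum check: ignores which digest the ticket callback selected. */
static int legacy_len_ok(size_t ticket_len)
{
    return ticket_len >= LEGACY_MIN_LEN;
}

/* Check based on HMAC size: the ticket must be strictly longer than
 * key name + IV + tag, so some encrypted state is always present. */
static int hmac_aware_len_ok(size_t ticket_len, size_t iv_len, size_t mac_len)
{
    return ticket_len > KEY_NAME_LEN + iv_len + mac_len;
}

/* Length of the region covered by the tag. Returns 0 and sets *out only
 * when the subtraction cannot wrap; returns -1 for a malformed ticket. */
static int maced_len(size_t ticket_len, size_t iv_len, size_t mac_len,
                     size_t *out)
{
    if (!hmac_aware_len_ok(ticket_len, iv_len, mac_len))
        return -1;
    *out = ticket_len - mac_len;
    return 0;
}

int main(void)
{
    size_t n = 0;

    /* Constructed case: 50-byte ticket, 16-byte IV, 64-byte SHA-512 tag. */
    printf("legacy=%d hmac_aware=%d\n",
           legacy_len_ok(50), hmac_aware_len_ok(50, 16, 64));

    /* Constructed case: 200-byte ticket with the same IV and tag sizes. */
    if (maced_len(200, 16, 64, &n) == 0)
        printf("maced_len=%zu\n", n);
    return 0;
}
```

The 50-byte ticket passes the fixed minimum but is shorter than a 64-byte tag alone, which is why the length check has to follow the digest size.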