]> granicus.if.org Git - openssl/commit
Don't try and verify signatures if key is NULL (CVE-2013-0166)
authorDr. Stephen Henson <steve@openssl.org>
Thu, 24 Jan 2013 13:30:42 +0000 (13:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 29 Jan 2013 16:49:24 +0000 (16:49 +0000)
commit62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
tree15fb8fedf8e52fb1f7e2d8f0b1a790911a91ce54
parent014265eb02e26f35c8db58e2ccbf100b0b2f0072
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
CHANGES
crypto/asn1/a_verify.c
crypto/ocsp/ocsp_vfy.c