]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ba881d3) | patch
Fix a mem leak in NPN handling
authorMatt Caswell <matt@openssl.org>
Fri, 9 Sep 2016 09:53:39 +0000 (10:53 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 22 Sep 2016 08:27:45 +0000 (09:27 +0100)
commitc31dbed70c0be1578276367a1ba420ac935d0c68
treed8493943f6d012e5e358c009af2856b26eb57133tree | snapshot
parentba881d3b39829d22eede8f69412d187aaab487e9commit | diff
Fix a mem leak in NPN handling

If a server sent multiple NPN extensions in a single ClientHello then a
mem leak can occur. This will only happen where the client has requested
NPN in the first place. It does not occur during renegotiation. Therefore
the maximum that could be leaked in a single connection with a malicious
server is 64k (the maximum size of the ServerHello extensions section). As
this is client side, only occurs if NPN has been requested and does not
occur during renegotiation this is unlikely to be exploitable.

Issue reported by Shi Lei.

Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.