Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Multiblock corrupted pointer fix
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. CVE-2015-0290 Reviewed-by: Richard Levitte <firstname.lastname@example.org> Reviewed-by: Andy Polyakov <email@example.com>
- Loading branch information