Fix possible buffer overflow with PSK

2026-02-19 00:39:46 +00:00 · 2014-03-25 16:28:12 +01:00
parent fdddac90a6
commit b2bf5a1bbb
3 changed files with 14 additions and 2 deletions
--- a/3
+++ b/3
@@ -25,10 +25,11 @@ Changes

 Security
   * Forbid change of server certificate during renegotiation to prevent
-     "triple handshake" attack when authentication mode is optional (the
+     "triple handshake" attack when authentication mode is 'optional' (the
     attack was already impossible when authentication is required).
   * Check notBefore timestamp of certificates and CRLs from the future.
   * Forbid sequence number wrapping
+   * Fix possible buffer overflow with overlong PSK

 Bugfix
   * ecp_gen_keypair() does more tries to prevent failure because of