]> arthur.barton.de Git - ngircd-alex.git/commitdiff
projects / ngircd-alex.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from: 627b0b7)
security: fix remotely triggerable crash in SSL/TLS code
authorFlorian Westphal <fw@strlen.de>
Mon, 4 May 2009 21:51:24 +0000 (23:51 +0200)
committerAlexander Barton <alex@barton.de>
Tue, 5 May 2009 08:21:20 +0000 (10:21 +0200)
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.

- ONLY servers without ssl/tls support compiled in are not affected.
  Disabling SSL in the configuration (no ssl listening ports, etc)
  does NOT help.
- servers that are running standalone (i.e., not connected to any
  other servers) are not affected, either.

This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).


No differences found
Alex' ngIRCd development repository