diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-05-16 12:55:16 +0100 |
---|---|---|
committer | Dan Pasanen <dan.pasanen@gmail.com> | 2014-06-05 19:10:10 -0500 |
commit | f12d924262aa1445f0441459db92791c43f9927a (patch) | |
tree | 4c61ca705cebd73a9491a50cf1d691873ae0b41c | |
parent | 8653da8cff028c270f7689d149f6ef6a9956f8d5 (diff) | |
download | replicant_openssl-f12d924262aa1445f0441459db92791c43f9927a.zip replicant_openssl-f12d924262aa1445f0441459db92791c43f9927a.tar.gz replicant_openssl-f12d924262aa1445f0441459db92791c43f9927a.tar.bz2 |
Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
Change-Id: Ib8febeb063915563b86cee741bfea0125248abbd
-rw-r--r-- | ssl/s3_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 804291e..6bc9395 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1431,7 +1431,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); |