blob: 025727f5877c9b042d051e8e7dcf010a49568de0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Thu May 29 15:00:05 2014 +0100
Fix CVE-2014-3470
Check session_cert is not NULL before dereferencing it.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d35376d..4324f8d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
int ecdh_clnt_cert = 0;
int field_size = 0;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
/* Did we send out the client's
* ECDH share for use in premaster
* computation as part of client certificate?
|