blob: eec6a15b27bd0c9ff9181abd1e9b4c2ca4191bb1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From a7c682fb6f692c9a3868777a7ff305784714c131 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 16 May 2014 12:55:16 +0100
Subject: [PATCH 2/2] Additional CVE-2014-0224 protection.
Upstream-Status: Backport
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
ssl/s3_pkt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 5efc03e..34eb2b4 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
--
1.7.10.4
|