generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix flaw if 'Server Key exchange message' is omitted from a TLS

Browse Source 
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
This commit is contained in:
Mark J. Cox 2008-05-28 07:29:27 +00:00
parent d3b3a6d389
commit 2c0fa03dc6
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]
*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
[Steve Henson, Mark Cox]
*) Fix double free in TLS server name extensions which could lead to *) Fix double free in TLS server name extensions which could lead to
a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
[Joe Orton] [Joe Orton]

7
ssl/s3_clnt.c
View File

@ -2061,6 +2061,13 @@ int ssl3_send_client_key_exchange(SSL *s)
{ {
DH *dh_srvr,*dh_clnt; DH *dh_srvr,*dh_clnt;
if (s->session->sess_cert == NULL)
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
goto err;
}
if (s->session->sess_cert->peer_dh_tmp != NULL) if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp; dh_srvr=s->session->sess_cert->peer_dh_tmp;
else else