Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on.
This commit is contained in:
Dr. Stephen Henson
@@ -1166,6 +1166,15 @@ start:
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
|
||||
{
|
||||
al=SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
|
||||
|
||||
rr->length=0;
|
||||
|
||||
if (s->msg_callback)
|
||||
|
||||
Reference in New Issue
Block a user