generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Additional CVE-2014-0224 protection.

Browse Source 
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
This commit is contained in:
Dr. Stephen Henson 2014-05-16 12:55:16 +01:00
parent 8942b92c7c
commit 9d2c9dd1e1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_pkt.c
View File

@ -1632,7 +1632,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL) if (s->s3->tmp.key_block == NULL)
{ {
if (s->session == NULL) if (s->session == NULL || s->session->master_key_length == 0)
{ {
/* might happen if dtls1_read_bytes() calls this */ /* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);