generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix CVE-2014-0221

Browse Source 
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
This commit is contained in:
Dr. Stephen Henson 2014-05-16 13:00:45 +01:00
parent 006cd7083f
commit d3152655d5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/d1_both.c
View File

@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
int i,al; int i,al;
struct hm_header_st msg_hdr; struct hm_header_st msg_hdr;
redo:
/* see if we have the required fragment already */ /* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{ {
@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
s->msg_callback_arg); s->msg_callback_arg);
s->init_num = 0; s->init_num = 0;
return dtls1_get_message_fragment(s, st1, stn, goto redo;
max, ok);
} }
else /* Incorrectly formated Hello request */ else /* Incorrectly formated Hello request */
{ {