diff options
author | sthen <> | 2014-06-05 20:38:11 +0000 |
---|---|---|
committer | sthen <> | 2014-06-05 20:38:11 +0000 |
commit | 944844ebbb0c7d2235ec860c2d2b18018890eac5 (patch) | |
tree | 6b40e137583b67c44a254f59845154ed5ecbac3c | |
parent | d0f81948182201e2d50b1bf34f37b39db21f3427 (diff) | |
download | openbsd-944844ebbb0c7d2235ec860c2d2b18018890eac5.tar.gz openbsd-944844ebbb0c7d2235ec860c2d2b18018890eac5.tar.bz2 openbsd-944844ebbb0c7d2235ec860c2d2b18018890eac5.zip |
MFC sess_cert fix (CVE-2014-3470)
"Ensure that sess_cert is not NULL before trying to use it.
Fixes CVE-2014-3470, from OpenSSL." From s3_clnt.c r1.66
-rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 397e148f11..18a4bdaf21 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
@@ -2510,6 +2510,14 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
2510 | int ecdh_clnt_cert = 0; | 2510 | int ecdh_clnt_cert = 0; |
2511 | int field_size = 0; | 2511 | int field_size = 0; |
2512 | 2512 | ||
2513 | if (s->session->sess_cert == NULL) { | ||
2514 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
2515 | SSL_AD_UNEXPECTED_MESSAGE); | ||
2516 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
2517 | SSL_R_UNEXPECTED_MESSAGE); | ||
2518 | goto err; | ||
2519 | } | ||
2520 | |||
2513 | /* Did we send out the client's | 2521 | /* Did we send out the client's |
2514 | * ECDH share for use in premaster | 2522 | * ECDH share for use in premaster |
2515 | * computation as part of client certificate? | 2523 | * computation as part of client certificate? |