diff options
| author | jca <> | 2014-02-27 21:04:57 +0000 |
|---|---|---|
| committer | jca <> | 2014-02-27 21:04:57 +0000 |
| commit | 3b6d92e82b1421b811bcdec7f7fdfb31eeef18de (patch) | |
| tree | 40e788c732b30794928787a09a2b41e34c4772bb /src/lib/libssl/s3_pkt.c | |
| parent | 76214748f84ef8bbc3833462e40ef29a1e84a02c (diff) | |
| download | openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.gz openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.bz2 openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.zip | |
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
Diffstat (limited to 'src/lib/libssl/s3_pkt.c')
| -rw-r--r-- | src/lib/libssl/s3_pkt.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index a7d2defbea..c499c29cb5 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -1458,8 +1458,14 @@ int ssl3_do_change_cipher_spec(SSL *s) | |||
| 1458 | slen=s->method->ssl3_enc->client_finished_label_len; | 1458 | slen=s->method->ssl3_enc->client_finished_label_len; |
| 1459 | } | 1459 | } |
| 1460 | 1460 | ||
| 1461 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | 1461 | i = s->method->ssl3_enc->final_finish_mac(s, |
| 1462 | sender,slen,s->s3->tmp.peer_finish_md); | 1462 | sender,slen,s->s3->tmp.peer_finish_md); |
| 1463 | if (i == 0) | ||
| 1464 | { | ||
| 1465 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | ||
| 1466 | return 0; | ||
| 1467 | } | ||
| 1468 | s->s3->tmp.peer_finish_md_len = i; | ||
| 1463 | 1469 | ||
| 1464 | return(1); | 1470 | return(1); |
| 1465 | } | 1471 | } |