avoid null-pointer deref (aka CAN-2004-0079)

see http://www.openssl.org/news/secadv_20040317.txt
author: markus <> 2004-03-17 12:28:29 +0000
committer: markus <> 2004-03-17 12:28:29 +0000
commit: a300d320eeca00daca7747f4e4327416da173e6f (patch)
tree: 94169da5497af75f2f9a895134510adce11885b1 /src/lib
parent: 2f5c2715e192c7b513bb4dc24bf83d3845a62940 (diff)
download: openbsd-a300d320eeca00daca7747f4e4327416da173e6f.tar.gz
openbsd-a300d320eeca00daca7747f4e4327416da173e6f.tar.bz2
openbsd-a300d320eeca00daca7747f4e4327416da173e6f.zip
2 files changed, 16 insertions, 0 deletions
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 3f88429e79..9f3e5139ad 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
                        goto err;
                        }
+                /* Check we have a cipher to change to */
+                if (s->s3->tmp.new_cipher == NULL)
+                        {
+                        i=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                        goto err;
+                        }
                rr->length=0;
                if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 3f88429e79..9f3e5139ad 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
                        goto err;
                        }
+                /* Check we have a cipher to change to */
+                if (s->s3->tmp.new_cipher == NULL)
+                        {
+                        i=SSL_AD_UNEXPECTED_MESSAGE;
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+                        goto err;
+                        }
                rr->length=0;
                if (s->msg_callback)
author	markus <>	2004-03-17 12:28:29 +0000
committer	markus <>	2004-03-17 12:28:29 +0000
commit	a300d320eeca00daca7747f4e4327416da173e6f (patch)
tree	94169da5497af75f2f9a895134510adce11885b1 /src/lib
parent	2f5c2715e192c7b513bb4dc24bf83d3845a62940 (diff)
download	openbsd-a300d320eeca00daca7747f4e4327416da173e6f.tar.gz openbsd-a300d320eeca00daca7747f4e4327416da173e6f.tar.bz2 openbsd-a300d320eeca00daca7747f4e4327416da173e6f.zip

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 3f88429e79..9f3e5139ad 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
1085	goto err;	1085	goto err;
1086	}	1086	}
1087		1087
		1088	/* Check we have a cipher to change to */
		1089	if (s->s3->tmp.new_cipher == NULL)
		1090	{
		1091	i=SSL_AD_UNEXPECTED_MESSAGE;
		1092	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
		1093	goto err;
		1094	}
		1095
1088	rr->length=0;	1096	rr->length=0;
1089		1097
1090	if (s->msg_callback)	1098	if (s->msg_callback)


diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 3f88429e79..9f3e5139ad 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
1085	goto err;	1085	goto err;
1086	}	1086	}
1087		1087
		1088	/* Check we have a cipher to change to */
		1089	if (s->s3->tmp.new_cipher == NULL)
		1090	{
		1091	i=SSL_AD_UNEXPECTED_MESSAGE;
		1092	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
		1093	goto err;
		1094	}
		1095
1088	rr->length=0;	1096	rr->length=0;
1089		1097
1090	if (s->msg_callback)	1098	if (s->msg_callback)