1 files changed, 11 insertions, 0 deletions

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c3b5ff33ff..d734c359fb 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s)
                                 }
 
                         s->init_num=0;
+                        s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
                         if (s->state != SSL_ST_RENEGOTIATE)
                                 {
@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s)
         int ok;
         long n;
 
+        /* We only allow the client to restart the handshake once per
+         * negotiation. */
+        if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+                {
+                SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+                return -1;
+                }
+
         /* this function is called when we really expect a Certificate message,
          * so permit appropriate message length */
         n=s->method->ssl_get_message(s,
@@ -783,6 +792,7 @@ int ssl3_check_client_hello(SSL *s)
                         s->s3->tmp.ecdh = NULL;
                         }
 #endif
+                s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
                 return 2;
                 }
         return 1;
@@ -2130,6 +2140,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                 if (i <= 0)
                         {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+                        BN_clear_free(pub);
                         goto err;
                         }