From 3b6d92e82b1421b811bcdec7f7fdfb31eeef18de Mon Sep 17 00:00:00 2001
From: jca <>
Date: Thu, 27 Feb 2014 21:04:57 +0000
Subject: SECURITY fixes backported from openssl-1.0.1f.  ok mikeb@

CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
 Negotiation record in TLS handshake.
Upstream: 197e0ea

CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b

CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
---
 src/lib/libssl/s3_both.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/lib/libssl/s3_both.c')

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 6981852b5b..ed0fcfc532 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			sender,slen,s->s3->tmp.finish_md);
+		if (i == 0)
+			return 0;
 		s->s3->tmp.finish_md_len = i;
 		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
@@ -208,6 +210,11 @@ static void ssl3_take_mac(SSL *s) {
 	const char *sender;
 	int slen;
 
+	/* If no new cipher setup return immediately: other functions will
+	 * set the appropriate error.
+	 */
+	if (s->s3->tmp.new_cipher == NULL)
+		return;
 	if (s->state & SSL_ST_CONNECT)
 		{
 		sender=s->method->ssl3_enc->server_finished_label;
-- 
cgit v1.2.3-55-g6feb