From 6cf0671671533a0aa8cb583f1d7f4f8e428268bd Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 27 Nov 2014 16:03:03 +0000
Subject: Avoid a NULL dereference in the DTLS client that can be triggered by
 a crafted server response used in conjunction with an anonymous DH or
 anonymous ECDH ciphersuite.

Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.

Reported by Felix Groebert of the Google Security Team.

ok beck@ miod@
---
 src/lib/libssl/d1_clnt.c         | 10 +++++++++-
 src/lib/libssl/src/ssl/d1_clnt.c | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 7f6e232128..de5721851e 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.37 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -934,6 +934,14 @@ dtls1_send_client_key_exchange(SSL *s)
 
 		alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+		if (s->session->sess_cert == NULL) {
+			ssl3_send_alert(s, SSL3_AL_FATAL,
+			    SSL_AD_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+			    ERR_R_INTERNAL_ERROR);
+			goto err;
+		}
+
 		if (alg_k & SSL_kRSA) {
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 7f6e232128..de5721851e 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.37 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -934,6 +934,14 @@ dtls1_send_client_key_exchange(SSL *s)
 
 		alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+		if (s->session->sess_cert == NULL) {
+			ssl3_send_alert(s, SSL3_AL_FATAL,
+			    SSL_AD_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+			    ERR_R_INTERNAL_ERROR);
+			goto err;
+		}
+
 		if (alg_k & SSL_kRSA) {
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-- 
cgit v1.2.3-55-g6feb