forked from rpms/openssl
18 lines
750 B
Diff
18 lines
750 B
Diff
|
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
|
||
|
possible DoS in the sslv2 client code. Where a client application uses
|
||
|
OpenSSL to make a SSLv2 connection to a malicious server that server
|
||
|
could cause the client to crash. CVE-2006-4343
|
||
|
|
||
|
--- ssl/s2_clnt.c 2005-08-06 00:52:07.000000000 +0100
|
||
|
+++ ssl/s2_clnt.c 2006-08-28 19:14:59.398605000 +0100
|
||
|
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
|
||
|
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
|
||
|
}
|
||
|
|
||
|
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
|
||
|
+ if (s->session->sess_cert == NULL
|
||
|
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
|
||
|
/* can't happen */
|
||
|
{
|
||
|
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|