forked from rpms/openssl
6dc7017559
- fix CVE-2006-2940 - parasitic public keys DoS (#207274) - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940) - fix CVE-2006-4343 - sslv2 client DoS (#206940)
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
possible DoS in the sslv2 client code. Where a client application uses
OpenSSL to make an SSLv2 connection to a malicious server, that server
could cause the client to crash. CVE-2006-4343

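--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
 CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
 }
 
-if (s->session->peer != s->session->sess_cert->peer_key->x509)
+if (s->session->sess_cert == NULL
+|| s->session->peer != s->session->sess_cert->peer_key->x509)
 /* can't happen */
 {
 ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);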
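Review bot: The `/* can't happen */` comment under the widened condition is now misleading, because the added `s->session->sess_cert == NULL` test exists precisely for a case the patch description says a malicious server can trigger. I would replace it with something like `/* sess_cert can be NULL when talking to a malicious server (CVE-2006-4343); fail the handshake */` so the next reader does not treat the branch as dead code. The second operand still dereferences `sess_cert->peer_key` without a check; whether `peer_key` can be NULL while `sess_cert` is set is not visible in this hunk and is worth confirming against the code that populates it. The body of the `if` and the rest of get_server_hello continue outside the hunk, so the error path after `ssl2_return_error` could not be reviewed here.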