2c01b19843
- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
25 lines
1.0 KiB
Diff
25 lines
1.0 KiB
Diff
*) Fix flaw if 'Server Key exchange message' is omitted from a TLS
|
|
Handshake which could lead to a cilent crash as found using the
|
|
Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox]
|
|
Index: ssl/s3_clnt.c
|
|
===================================================================
|
|
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
|
|
retrieving revision 1.88.2.12
|
|
diff -u -r1.88.2.12 ssl/s3_clnt.c
|
|
--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000
|
|
+++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
|
|
@@ -2061,6 +2061,13 @@
|
|
{
|
|
DH *dh_srvr,*dh_clnt;
|
|
|
|
+ if (s->session->sess_cert == NULL)
|
|
+ {
|
|
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
|
|
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
if (s->session->sess_cert->peer_dh_tmp != NULL)
|
|
dh_srvr=s->session->sess_cert->peer_dh_tmp;
|
|
else
|