diff options
author | Bodo Möller <bodo@openssl.org> | 2008-05-28 22:17:34 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2008-05-28 22:17:34 +0000 |
commit | e194fe8f47a5bdc7a9eab19b4d387d00c410e633 (patch) | |
tree | a56ac06e08b50d862dbe66cbd9389183ada44740 /ssl | |
parent | 40a706286febe0279336c96374c607daaa1b1d49 (diff) |
From HEAD:
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4ca47faf51..23875f00e0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2143,6 +2143,13 @@ int ssl3_send_client_key_exchange(SSL *s) { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else |