diff options
| author | nectar <nectar@FreeBSD.org> | 2004-03-17 12:11:08 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2004-03-17 12:11:08 +0000 |
| commit | e8232d78abaf5a170e34e0742d0042a65bcaafe4 (patch) | |
| tree | 61beab9e630eee6949514999b0e00b50f9d6f883 | |
| parent | ee25ce74b3f6742c1079590363995e56ff51b014 (diff) | |
| download | FreeBSD-src-e8232d78abaf5a170e34e0742d0042a65bcaafe4.zip FreeBSD-src-e8232d78abaf5a170e34e0742d0042a65bcaafe4.tar.gz | |
Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
| -rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 3f88429..9f3e513 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -1085,6 +1085,14 @@ start: goto err; } + /* Check we have a cipher to change to */ + if (s->s3->tmp.new_cipher == NULL) + { + i=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); + goto err; + } + rr->length=0; if (s->msg_callback) |
