summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-03-17 12:11:08 +0000
committernectar <nectar@FreeBSD.org>2004-03-17 12:11:08 +0000
commite8232d78abaf5a170e34e0742d0042a65bcaafe4 (patch)
tree61beab9e630eee6949514999b0e00b50f9d6f883 /crypto
parentee25ce74b3f6742c1079590363995e56ff51b014 (diff)
downloadFreeBSD-src-e8232d78abaf5a170e34e0742d0042a65bcaafe4.zip
FreeBSD-src-e8232d78abaf5a170e34e0742d0042a65bcaafe4.tar.gz
Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079).
Obtained from: OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/ssl/s3_pkt.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 3f88429..9f3e513 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -1085,6 +1085,14 @@ start:
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
if (s->msg_callback)
OpenPOWER on IntegriCloud