Fix null-pointer assignment in do_change_cipher_spec() revealedOpenSSL_0_9_6m

by using the Codenomicon TLS Test Tool (CAN-2004-0079) Prepare for 0.9.6m tagging and release Submitted by: Steven Henson Reviewed by: Joe Orton Approved by: Mark Cox
author: Mark J. Cox <mark@openssl.org> 2004-03-17 11:40:44 +0000
committer: Mark J. Cox <mark@openssl.org> 2004-03-17 11:40:44 +0000
commit: 8ccf402239a07d23ab308c9dc11bfbe59bad3e65 (patch)
tree: 67048ca130d8c3a3b017bf71be4a9363f7e7a03a
parent: 8b3b01a2d4a8884904172d046dc032b8ee5c5109 (diff)
9 files changed, 26 insertions, 10 deletions
diff --git a/CHANGES b/CHANGES
index c001867307..fc810ea4e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,11 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.6l and 0.9.6m  [xx XXX xxxx]
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
 
-  *)
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     [Joe Orton, Steve Henson]
 
  Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
 
diff --git a/FAQ b/FAQ
index 519ab89312..fe739d31a7 100644
--- a/FAQ
+++ b/FAQ
@@ -63,7 +63,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/LICENSE b/LICENSE
index dddb07842b..40277883a5 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/NEWS b/NEWS
index 79dea2d72c..ac8f777e84 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
+
+      o Security: fix null-pointer bug leading to crash
+
   Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
 
       o Security: fix ASN1 bug leading to large recursion
diff --git a/README b/README
index fc681edfd2..406e049224 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.6l 04 Nov 2003
+ OpenSSL 0.9.6m 17 Mar 2004
 
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
diff --git a/STATUS b/STATUS
index 4594171b5b..671e9c9782 100644
--- a/STATUS
+++ b/STATUS
@@ -1,14 +1,16 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/11/04 11:30:38 $
+  ______________                           $Date: 2004/03/17 11:40:42 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7d: Released on March     17th, 2004
     o  OpenSSL 0.9.7c: Released on September 30th, 2003
     o  OpenSSL 0.9.7b: Released on April     10th, 2003
     o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6m: Released on March     17th, 2004
     o  OpenSSL 0.9.6l: Released on November   4th, 2003
     o  OpenSSL 0.9.6k: Released on September 30th, 2003
     o  OpenSSL 0.9.6j: Released on April     10th, 2003
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 1c4bcf26ee..e929524eda 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x009060d0L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6m-dev xx XXX xxxx"
+#define OPENSSL_VERSION_NUMBER	0x009060dfL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6m 17 Mar 2004"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 
diff --git a/openssl.spec b/openssl.spec
index c93b917dfd..757c770bb6 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev l
+%define librev m
 Release: 1
 
 %define openssldir /var/ssl
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index caf975d688..75b49f715f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1079,6 +1079,14 @@ start:
 			goto err;
 			}
 
+		/* Check we have a cipher to change to */
+		if (s->s3->tmp.new_cipher == NULL)
+			{
+			i=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+			goto err;
+			}
+
 		rr->length=0;
 		s->s3->change_cipher_spec=1;
 		if (!do_change_cipher_spec(s))
author	Mark J. Cox <mark@openssl.org>	2004-03-17 11:40:44 +0000
committer	Mark J. Cox <mark@openssl.org>	2004-03-17 11:40:44 +0000
commit	8ccf402239a07d23ab308c9dc11bfbe59bad3e65 (patch)
tree	67048ca130d8c3a3b017bf71be4a9363f7e7a03a
parent	8b3b01a2d4a8884904172d046dc032b8ee5c5109 (diff)