author | Mark J. Cox <mark@openssl.org> | 2006-09-28 13:18:43 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 2006-09-28 13:18:43 +0000 |
commit | 3ff55e9680cc99f330f25e48cd1422e3459c02de (patch) | |
tree | 1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/s2_clnt.c | |
parent | cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff) |
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Diffstat (limited to 'ssl/s2_clnt.c')
-rw-r--r-- | ssl/s2_clnt.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 89f3f7d753..d9750d0935 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -520,7 +520,8 @@ static int get_server_hello(SSL *s) CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); } - if (s->session->peer != s->session->sess_cert->peer_key->x509) + if (s->session->sess_cert == NULL + || s->session->peer != s->session->sess_cert->peer_key->x509) /* can't happen */ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
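Review bot: the new condition in get_server_hello() guards `s->session->sess_cert` against NULL, but the second operand still dereferences `sess_cert->peer_key` with no check. If `peer_key` can be unset on this path, it needs the same guard before `->x509` is read. Otherwise, add a short comment stating why it is always populated once `sess_cert` exists. The retained `/* can't happen */` comment is also stale: the commit message says a malicious SSLv2 server can reach this branch, so the comment should say that the branch handles a missing session certificate from the peer.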