Fix buffer overflow in SSL_get_shared_ciphers() function.

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
author: Mark J. Cox <mark@openssl.org> 2006-09-28 13:18:43 +0000
committer: Mark J. Cox <mark@openssl.org> 2006-09-28 13:18:43 +0000
commit: 3ff55e9680cc99f330f25e48cd1422e3459c02de (patch)
tree: 1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/s2_clnt.c
parent: cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 89f3f7d753..d9750d0935 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
 		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
 		}
 
-	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+	if (s->session->sess_cert == NULL 
+      || s->session->peer != s->session->sess_cert->peer_key->x509)
 		/* can't happen */
 		{
 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
author	Mark J. Cox <mark@openssl.org>	2006-09-28 13:18:43 +0000
committer	Mark J. Cox <mark@openssl.org>	2006-09-28 13:18:43 +0000
commit	3ff55e9680cc99f330f25e48cd1422e3459c02de (patch)
tree	1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/s2_clnt.c
parent	cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff)