Fix reachable assert in SSLv2 servers.

This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2015-03-04 09:05:02 -0800
committer: Matt Caswell <matt@openssl.org> 2015-03-19 12:58:35 +0000
commit: 86f8fb0e344d62454f8daf3e15236b2b59210756 (patch)
tree: 60dfd04aea8199ad46fe8121794a334fef21d9aa /ssl/s2_lib.c
parent: c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index f8a9439303..d55b93f76b 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -493,7 +493,7 @@ int ssl2_generate_key_material(SSL *s)
 
         OPENSSL_assert(s->session->master_key_length >= 0
                        && s->session->master_key_length
-                       < (int)sizeof(s->session->master_key));
+                       <= (int)sizeof(s->session->master_key));
         EVP_DigestUpdate(&ctx, s->session->master_key,
                          s->session->master_key_length);
         EVP_DigestUpdate(&ctx, &c, 1);
author	Emilia Kasper <emilia@openssl.org>	2015-03-04 09:05:02 -0800
committer	Matt Caswell <matt@openssl.org>	2015-03-19 12:58:35 +0000
commit	86f8fb0e344d62454f8daf3e15236b2b59210756 (patch)
tree	60dfd04aea8199ad46fe8121794a334fef21d9aa /ssl/s2_lib.c
parent	c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9 (diff)