summaryrefslogtreecommitdiffstats
path: root/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2012-01-04 23:07:54 +0000
committerDr. Stephen Henson <steve@openssl.org>2012-01-04 23:07:54 +0000
commitaaa3850ccd22feccd009a1a228424618cf10b943 (patch)
treebae0dd178d00be4ba8fe4a1b7823a871b5fb6dc1 /ssl/s3_srvr.c
parenta17b5d5a4f50f50f46d27fc52158455d12833196 (diff)
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r--ssl/s3_srvr.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index eee8de1ab5..45c36aed4f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -295,6 +295,7 @@ int ssl3_accept(SSL *s)
}
s->init_num=0;
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -869,6 +870,14 @@ int ssl3_check_client_hello(SSL *s)
int ok;
long n;
+ /* We only allow the client to restart the handshake once per
+ * negotiation. */
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+ return -1;
+ }
+
/* this function is called when we really expect a Certificate message,
* so permit appropriate message length */
n=s->method->ssl_get_message(s,
@@ -897,6 +906,7 @@ int ssl3_check_client_hello(SSL *s)
s->s3->tmp.ecdh = NULL;
}
#endif
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return 2;
}
return 1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-27 17:00:29 +0000