diff options
author | Matt Caswell <matt@openssl.org> | 2015-03-10 16:38:32 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-19 12:58:35 +0000 |
commit | b19d8143212ae5fbc9cebfd51c01f802fabccd33 (patch) | |
tree | ec733424fac399d50a9303b0c64100db3cce63fd /ssl/s3_srvr.c | |
parent | 76343947ada960b6269090638f5391068daee88d (diff) |
Fix DHE Null CKE vulnerability
If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.
CVE-2015-1787
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9e6ab0136a..c016139b1d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2251,10 +2251,17 @@ int ssl3_get_client_key_exchange(SSL *s) if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { int idx = -1; EVP_PKEY *skey = NULL; - if (n) + if (n > 1) { n2s(p, i); - else + } else { + if (alg_k & SSL_kDHE) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto f_err; + } i = 0; + } if (n && n != i + 2) { if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |