Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-03-10 16:38:32 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-19 12:58:35 +0000
commit: b19d8143212ae5fbc9cebfd51c01f802fabccd33 (patch)
tree: ec733424fac399d50a9303b0c64100db3cce63fd /ssl/s3_srvr.c
parent: 76343947ada960b6269090638f5391068daee88d (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9e6ab0136a..c016139b1d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2251,10 +2251,17 @@ int ssl3_get_client_key_exchange(SSL *s)
     if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
         int idx = -1;
         EVP_PKEY *skey = NULL;
-        if (n)
+        if (n > 1) {
             n2s(p, i);
-        else
+        } else {
+            if (alg_k & SSL_kDHE) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+                goto f_err;
+            }
             i = 0;
+        }
         if (n && n != i + 2) {
             if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
author	Matt Caswell <matt@openssl.org>	2015-03-10 16:38:32 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-19 12:58:35 +0000
commit	b19d8143212ae5fbc9cebfd51c01f802fabccd33 (patch)
tree	ec733424fac399d50a9303b0c64100db3cce63fd /ssl/s3_srvr.c
parent	76343947ada960b6269090638f5391068daee88d (diff)