diff options
author | Matt Caswell <matt@openssl.org> | 2014-10-15 01:03:32 +0100 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2014-10-15 08:54:26 -0400 |
commit | d64b6c980c8101e2d96c982c0b211ac3f94a3aaa (patch) | |
tree | 6d4bfc0bd8035b50261f2b670e9871f605bf8948 /ssl/t1_lib.c | |
parent | 05df9b9ae5a05cf0fe06de3a92ef2c563c49502a (diff) |
Fix for SRTP Memory Leak
CVE-2014-3513
This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5fed446ae0..c747b3092f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1474,7 +1474,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c ret += s->alpn_client_proto_list_len; } - if(SSL_get_srtp_profiles(s)) + if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -1648,7 +1648,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #endif - if(s->srtp_profile) + if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -2417,7 +2417,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } /* session ticket processed earlier */ - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) + && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) @@ -2750,7 +2751,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char } } #endif - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) |