diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-25 00:50:06 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2014-08-06 20:41:24 +0100 |
| commit | f338c2e0c2ce1e89cf8eba2d38878081f46b9dce (patch) | |
| tree | db100a18f5978eb3e4cfc80a5f840b948dad0ca8 /ssl/t1_lib.c | |
| parent | 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e (diff) | |
Fix SRP ciphersuite DoS vulnerability.
If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.
Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.
CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9e5927f826..ba2d9ae8f0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1086,6 +1086,13 @@ void ssl_set_client_disabled(SSL *s) c->mask_k |= SSL_kPSK; } #endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_SRP + if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) + { + c->mask_a |= SSL_aSRP; + c->mask_k |= SSL_kSRP; + } +#endif c->valid = 1; } |