diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-05-16 12:55:16 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-03 16:30:23 +0100 |
commit | 897169fdf06bf75b4d0c503d61abb45656dd90a6 (patch) | |
tree | 393bdd0d055c45505c513729becbf9b78c9d80a5 /ssl | |
parent | 410a49a4fa1d2a1a9775ee29f9e40cbbda79c149 (diff) |
Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 6caa3bb522..c087fee093 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1306,7 +1306,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); |