From 36800c36d63da1fd32f04d62c4e421dfa96b7667 Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mark@openssl.org>
Date: Wed, 17 Mar 2004 11:45:35 +0000
Subject: Fix null-pointer assignment in do_change_cipher_spec() revealed by
 using the Codenomicon TLS Test Tool (CAN-2004-0079)

Prepare for 0.9.6m release

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
---
 CHANGES           | 6 ++++--
 FAQ               | 2 +-
 LICENSE           | 2 +-
 NEWS              | 4 ++++
 README            | 4 ++--
 STATUS            | 4 +++-
 crypto/opensslv.h | 4 ++--
 openssl.spec      | 2 +-
 ssl/s3_pkt.c      | 8 ++++++++
 9 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index c001867307..fc810ea4e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,9 +2,11 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.6l and 0.9.6m  [xx XXX xxxx]
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
 
-  *)
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     [Joe Orton, Steve Henson]
 
  Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
 
diff --git a/FAQ b/FAQ
index 519ab89312..fe739d31a7 100644
--- a/FAQ
+++ b/FAQ
@@ -63,7 +63,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/LICENSE b/LICENSE
index dddb07842b..40277883a5 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/NEWS b/NEWS
index 79dea2d72c..ac8f777e84 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
+
+      o Security: fix null-pointer bug leading to crash
+
   Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
 
       o Security: fix ASN1 bug leading to large recursion
diff --git a/README b/README
index a0524a29c1..eeb88d92e8 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.6l [engine] 04 Nov 2003
+ OpenSSL 0.9.6m [engine] 17 Mar 2004
 
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
diff --git a/STATUS b/STATUS
index 018058c8ac..976f7c091a 100644
--- a/STATUS
+++ b/STATUS
@@ -1,14 +1,16 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/11/04 11:33:10 $
+  ______________                           $Date: 2004/03/17 11:45:33 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7d: Released on March     17th, 2004
     o  OpenSSL 0.9.7c: Released on September 30th, 2003
     o  OpenSSL 0.9.7b: Released on April     10th, 2003
     o  OpenSSL 0.9.7a: Released on February  19th, 2003
     o  OpenSSL 0.9.7:  Released on December  31st, 2002
+    o  OpenSSL 0.9.6m: Released on March     17th, 2004
     o  OpenSSL 0.9.6l: Released on November   4th, 2003
     o  OpenSSL 0.9.6k: Released on September 30th, 2003
     o  OpenSSL 0.9.6j: Released on April     10th, 2003
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index dcd3d2c3e0..063eaebd4e 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x009060d0L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6m-dev [engine] xx XXX xxxx"
+#define OPENSSL_VERSION_NUMBER	0x009060dfL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6m [engine] 17 Mar 2004"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 
diff --git a/openssl.spec b/openssl.spec
index 98f517e21a..d7fa295a62 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 6
-%define librev l
+%define librev m
 Release: 1
 
 %define openssldir /var/ssl
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index caf975d688..75b49f715f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1079,6 +1079,14 @@ start:
 			goto err;
 			}
 
+		/* Check we have a cipher to change to */
+		if (s->s3->tmp.new_cipher == NULL)
+			{
+			i=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+			goto err;
+			}
+
 		rr->length=0;
 		s->s3->change_cipher_spec=1;
 		if (!do_change_cipher_spec(s))
-- 
cgit v1.2.3