From 83764a989dcc87fbea337da5f8f86806fe767b7e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 29 Jul 2014 21:23:30 +0100
Subject: Fix SRP ciphersuite DoS vulnerability.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-5139
Reviewed-by: Tim Hudson
---
 ssl/s3_clnt.c | 9 +++++++++
 ssl/ssl_lib.c | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index df05f788e9..0aba7e5e0a 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -954,6 +954,15 @@ int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
 goto f_err;
 }
+#ifndef OPENSSL_NO_SRP
+ if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+ !(s->srp_ctx.srp_Mask & SSL_kSRP))
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+ goto f_err;
+ }
+#endif /* OPENSSL_NO_SRP */
 p+=ssl_put_cipher_by_char(s,NULL,NULL);
 sk=ssl_get_ciphers_by_id(s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ef6258ca9f..82a2c80129 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1406,6 +1406,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 s->psk_client_callback == NULL)
 continue;
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+ if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+ !(s->srp_ctx.srp_Mask & SSL_kSRP))
+ continue;
+#endif /* OPENSSL_NO_SRP */
 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 p+=j;
 }
-- 
cgit v1.2.3
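Review bot: The SRP condition added before `p+=ssl_put_cipher_by_char(s,NULL,NULL);` is repeated verbatim in the `ssl_cipher_list_to_bytes` hunk in ssl/ssl_lib.c, so the suites the client offers and the suites it accepts from ServerHello stay aligned only while both copies are edited together. Moving the predicate into one shared helper used by both call sites would remove that drift risk. The PSK filter visible in the other hunk has no counterpart here, and whether it needs one cannot be told from these lines. The block also deserves a comment giving the reason, for example `/* Server chose an SRP suite but SRP was never set up on this client; reject it here */`. The body of ssl3_get_server_hello starts and ends outside the hunk.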
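Review bot: The mask is tested only against `SSL_kSRP`, even for a suite that matched through `c->algorithm_auth & SSL_aSRP`; if `srp_Mask` carries just the key-exchange bit by design, that should be stated, since a reader may otherwise take it for a copy-paste slip. A comment above the `if` would cover it, e.g. `/* Do not offer SRP suites unless SRP is configured; srp_Mask is expected to hold SSL_kSRP when it is (confirm) */`. The function body starts and ends outside the hunk, so how the caller handles a cipher list left empty by this filter is not visible here and is worth checking.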