From 86f8fb0e344d62454f8daf3e15236b2b59210756 Mon Sep 17 00:00:00 2001
From: Emilia Kasper <emilia@openssl.org>
Date: Wed, 4 Mar 2015 09:05:02 -0800
Subject: Fix reachable assert in SSLv2 servers.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/s2_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ssl/s2_lib.c')

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index f8a9439303..d55b93f76b 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -493,7 +493,7 @@ int ssl2_generate_key_material(SSL *s)
 
         OPENSSL_assert(s->session->master_key_length >= 0
                        && s->session->master_key_length
-                       < (int)sizeof(s->session->master_key));
+                       <= (int)sizeof(s->session->master_key));
         EVP_DigestUpdate(&ctx, s->session->master_key,
                          s->session->master_key_length);
         EVP_DigestUpdate(&ctx, &c, 1);
-- 
cgit v1.2.3