diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-05-16 12:55:16 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-05 13:22:24 +0100 |
commit | a7c682fb6f692c9a3868777a7ff305784714c131 (patch) | |
tree | dd4169738dad7312438b0869897be49edf1d9c4a /ssl/s3_pkt.c | |
parent | b4322e1de8be66ff230e26999b766ca1a42f9476 (diff) | |
download | openssl-a7c682fb6f692c9a3868777a7ff305784714c131.tar.gz |
Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
Diffstat (limited to 'ssl/s3_pkt.c')
-rw-r--r-- | ssl/s3_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 5efc03e5ec..34eb2b4423 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); |