author | Matt Caswell <matt@openssl.org> | 2015-04-23 20:01:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-05-05 19:45:17 +0100 |
commit | a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a (patch) | |
tree | 85276802786a6d323b82c2ee95890bc24cb1ac88 /ssl/s3_srvr.c | |
parent | a28ef860be371e45f4818b22be378519538d70f9 (diff) | |
download | openssl-a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a.tar.gz |
Add Error state
Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a399673b1..266952831c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -847,6 +847,7 @@ int ssl3_accept(SSL *s)
 goto end;
 /* break; */

+ case SSL_ST_ERR:
 default:
 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
 ret = -1;
@@ -1444,8 +1445,10 @@ int ssl3_get_client_hello(SSL *s)
 if (0) {
 f_err:
 ssl3_send_alert(s, SSL3_AL_FATAL, al);
- }
 err:
+ s->state = SSL_ST_ERR;
+ }
+
 sk_SSL_CIPHER_free(ciphers);
 return ret < 0 ? -1 : ret;
 } |
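Review bot: The new `case SSL_ST_ERR:` label in ssl3_accept shares the `default:` arm, so an application that reuses a failed SSL object gets `SSL_R_UNKNOWN_STATE`, which says nothing about the earlier fatal error that put the object in this state. A comment on the label would record that the grouping is deliberate, for example `/* SSL_ST_ERR: an earlier fatal error; never resume the handshake */`. If a more specific reason code exists (none is visible here), using it would make the application bug easier to diagnose from the error queue. The switch statement starts and ends outside this hunk.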
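Review bot: With `err:` moved inside the `if (0)` block in ssl3_get_client_hello, every `goto err` now sets `s->state = SSL_ST_ERR`, not only the `f_err` alert path. The jumps themselves are outside this hunk, so it is worth confirming that none of them is a retryable or non-fatal exit, since such a path would now leave the connection permanently failed. The final `return ret < 0 ? -1 : ret;` suggests `ret` is not always negative here, and an exit through `err:` with a non-negative `ret` would report success on an object already marked as failed. The block also looks like dead code at first glance, so a comment such as `/* entered only via goto f_err / goto err: mark the SSL object unusable */` above `if (0) {` would help the next reader.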