author | Emilia Kasper <emilia@openssl.org> | 2014-11-19 17:01:36 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-11-20 14:57:15 +0100 |
commit | e94a6c0ede623960728415b68650a595e48f5a43 (patch) | |
tree | 9ac092e0c94be7bbaeab1a766d4015dbe65896ca /ssl/t1_lib.c | |
parent | de2c7504ebd4ec15334ae151a31917753468f86f (diff) | |
download | openssl-e94a6c0ede623960728415b68650a595e48f5a43.tar.gz |
Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.
(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)
Thanks to Joeri de Ruiter for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 86203f1d2a..8b2b16bc87 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2504,7 +2504,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char #ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; #endif - s->tlsext_ticket_expected = 0; + s->tlsext_ticket_expected = 0; if (s->s3->alpn_selected) { |
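Review bot: the only change in this hunk, at `s->tlsext_ticket_expected = 0;` in ssl_scan_serverhello_tlsext, removes and re-adds the same statement, so as shown here it can only be a whitespace or indentation difference, and it has nothing to do with the SSL3_FLAGS_CCS_OK reset that the commit message describes. Consider moving it to a separate cleanup commit, or noting it in the message, so the security-relevant state machine fix stays easy to audit and to backport without touching unrelated lines in ssl/t1_lib.c.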