Fix seg fault with 0 p val in SKE
authorGuy Leaver (guleaver) <guleaver@cisco.com>
Fri, 7 Aug 2015 14:45:21 +0000 (15:45 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 11 Aug 2015 19:20:17 +0000 (20:20 +0100)
commitada57746b6b80beae73111fe1291bf8dd89af91c
treeee91f10fda6717d4143e893dc0da02c192f53421
parent5d786e9e2d08900cb823b73b0095f85eb2cedc7e
Fix seg fault with 0 p val in SKE

If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c
ssl/ssl.h
ssl/ssl_err.c