Fix SRP ciphersuite DoS vulnerability.
author Dr. Stephen Henson <steve@openssl.org>
Thu, 24 Jul 2014 23:50:06 +0000 (00:50 +0100)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:41:24 +0000 (20:41 +0100)
commit f338c2e0c2ce1e89cf8eba2d38878081f46b9dce
tree db100a18f5978eb3e4cfc80a5f840b948dad0ca8
parent 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e
Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/t1_lib.c