OpenSSL CHANGES
_______________
- Changes between 0.9.6l and 0.9.6m [xx XXX xxxx]
+ Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
- *)
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ [Joe Orton, Steve Henson]
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7c was released on September 30, 2003.
+OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
---------------
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
+
+ o Security: fix null-pointer bug leading to crash
+
Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
o Security: fix ASN1 bug leading to large recursion
- OpenSSL 0.9.6l 04 Nov 2003
+ OpenSSL 0.9.6m 17 Mar 2004
- Copyright (c) 1998-2003 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
OpenSSL STATUS Last modified at
- ______________ $Date: 2003/11/04 11:30:38 $
+ ______________ $Date: 2004/03/17 11:40:42 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
+ o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
+ o OpenSSL 0.9.6m: Released on March 17th, 2004
o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x009060d0L
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6m-dev xx XXX xxxx"
+#define OPENSSL_VERSION_NUMBER 0x009060dfL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6m 17 Mar 2004"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
%define libmaj 0
%define libmin 9
%define librel 6
-%define librev l
+%define librev m
Release: 1
%define openssldir /var/ssl
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL)
+ {
+ i=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto err;
+ }
+
rr->length=0;
s->s3->change_cipher_spec=1;
if (!do_change_cipher_spec(s))