From: Dr. Stephen Henson Date: Fri, 16 May 2014 11:55:16 +0000 (+0100) Subject: Additional CVE-2014-0224 protection. X-Git-Tag: OpenSSL_1_0_1h~4 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=006cd7083f76ed5cb0d9a914857e9231ef1bc317;p=oweals%2Fopenssl.git Additional CVE-2014-0224 protection. Return a fatal error if an attempt is made to use a zero length master secret. --- diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 98c36e6b36..59011e39c6 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1459,7 +1459,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);