From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 16 May 2014 11:55:16 +0000 (+0100)
Subject: Additional CVE-2014-0224 protection.
X-Git-Tag: OpenSSL_1_0_0m~5
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=123370fb9437e016b5a5192166ad027b90c73d9b;p=oweals%2Fopenssl.git

Additional CVE-2014-0224 protection.

Return a fatal error if an attempt is made to use a zero length
master secret.
---

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 8950e902a6..807cfc5523 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1398,7 +1398,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
 	if (s->s3->tmp.key_block == NULL)
 		{
-		if (s->session == NULL) 
+		if (s->session == NULL || s->session->master_key_length == 0)
 			{
 			/* might happen if dtls1_read_bytes() calls this */
 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);