From: Dr. Stephen Henson Date: Fri, 16 May 2014 11:55:16 +0000 (+0100) Subject: Additional CVE-2014-0224 protection. X-Git-Tag: master-post-reformat~736 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a7c682fb6f692c9a3868777a7ff305784714c131;p=oweals%2Fopenssl.git Additional CVE-2014-0224 protection. Return a fatal error if an attempt is made to use a zero length master secret. (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317) --- diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 5efc03e5ec..34eb2b4423 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);