From: Bodo Möller Date: Wed, 28 May 2008 22:17:34 +0000 (+0000) Subject: From HEAD: X-Git-Tag: OpenSSL_0_9_8k^2~380 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e194fe8f47a5bdc7a9eab19b4d387d00c410e633;p=oweals%2Fopenssl.git From HEAD: Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) Reviewed by: openssl-security@openssl.org Obtained from: mark@awe.com --- diff --git a/CHANGES b/CHANGES index 5d6c7a8d0a..f8b112ff12 100644 --- a/CHANGES +++ b/CHANGES @@ -690,6 +690,11 @@ Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + *) Fix flaw if 'Server Key exchange message' is omitted from a TLS + handshake which could lead to a cilent crash as found using the + Codenomicon TLS test suite (CVE-2008-1672) + [Steve Henson, Mark Cox] + *) Fix double free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton] diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4ca47faf51..23875f00e0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2143,6 +2143,13 @@ int ssl3_send_client_key_exchange(SSL *s) { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else