From 82d63d3028e3f79940ee85465e99165b00620e57 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Wed, 17 Mar 2004 12:01:19 +0000 Subject: [PATCH] Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites (CAN-2004-0112) Ready for 0.9.7d build Submitted by: Steven Henson Reviewed by: Joe Orton Approved by: Mark Cox --- CHANGES | 10 +++++++++- FAQ | 2 +- LICENSE | 2 +- NEWS | 8 ++++++++ README | 4 ++-- STATUS | 5 ++++- crypto/opensslv.h | 4 ++-- openssl.spec | 2 +- ssl/s3_pkt.c | 8 ++++++++ ssl/s3_srvr.c | 16 ++++++++++++++++ 10 files changed, 52 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index c2ad5a196b..4a0363a1c2 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,15 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7c and 0.9.7d [xx XXX XXXX] + Changes between 0.9.7c and 0.9.7d [17 Mar 2004] + + *) Fix null-pointer assignment in do_change_cipher_spec() revealed + by using the Codenomicon TLS Test Tool (CAN-2004-0079) + [Joe Orton, Steve Henson] + + *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites + (CAN-2004-0112) + [Joe Orton, Steve Henson] *) Make it possible to have multiple active certificates with the same subject in the CA index file. This is done only if the keyword diff --git a/FAQ b/FAQ index 01e2ccf18a..0b40039ef8 100644 --- a/FAQ +++ b/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.7c was released on September 30, 2003. +OpenSSL 0.9.7d was released on March 17, 2004. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at s3->tmp.new_cipher == NULL) + { + i=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); + goto err; + } + rr->length=0; if (s->msg_callback) 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 57f1d3f52a..deb3cffabe 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1588,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
 n2s(p,i);
 enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
 enc_ticket.data = (char *)p;
 p+=enc_ticket.length;
 n2s(p,i);
 authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
 authenticator.data = (char *)p;
 p+=authenticator.length;
-- 
2.25.1
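Review bot: The literal `6` in both added length checks is unexplained, and nothing in the hunk says which fields it accounts for. It appears to cover one 2-byte length prefix (the `n2s` reads) for each of three fields, only two of which are parsed in the visible lines, so the third is presumably read after the hunk. A comment above the first check such as `/* 6 = three 2-byte length prefixes (n2s); reject peer-supplied lengths that exceed the message size n */` would make the bound auditable. Both checks also leave through `goto err` with no alert value set in the visible lines, so it is worth confirming that this is the intended exit for a malformed message from the peer. The body of ssl3_get_client_key_exchange() starts and ends outside the hunk.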