From d3cc5e610d1719a35cda52c9152134b490a8c944 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 10 Mar 2015 16:38:32 +0000 Subject: [PATCH] Fix DHE Null CKE vulnerability If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: Richard Levitte --- ssl/s3_srvr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e5346b6aff..f8c7e373cd 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s) if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { int idx = -1; EVP_PKEY *skey = NULL; - if (n) + if (n > 1) { n2s(p, i); - else + } else { + if (alg_k & SSL_kDHE) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto f_err; + } i = 0; + } if (n && n != i + 2) { if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, -- 2.25.1