You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 lines
648 B
21 lines
648 B
Fix for TLS record tampering bug. A carefully crafted invalid |
|
handshake could crash OpenSSL with a NULL pointer exception. |
|
Thanks to Anton Johansson for reporting this issues. |
|
(CVE-2013-4353) |
|
diff --git a/ssl/s3_both.c b/ssl/s3_both.c |
|
index 1e5dcab..53b9390 100644 |
|
--- a/ssl/s3_both.c |
|
+++ b/ssl/s3_both.c |
|
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s) |
|
{ |
|
const char *sender; |
|
int slen; |
|
- |
|
+ /* If no new cipher setup return immediately: other functions will |
|
+ * set the appropriate error. |
|
+ */ |
|
+ if (s->s3->tmp.new_cipher == NULL) |
|
+ return; |
|
if (s->state & SSL_ST_CONNECT) |
|
{ |
|
sender=s->method->ssl3_enc->server_finished_label;
|
|
|