Fix SRP ciphersuite DoS vulnerability.
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson
Matt Caswell
parent
fb0bc2b273
commit
80bd7b41b3
1 changed files with 7 additions and 0 deletions
|
|
@ -1088,6 +1088,13 @@ void ssl_set_client_disabled(SSL *s)
|
|||
c->mask_k |= SSL_kPSK;
|
||||
}
|
||||
#endif /* OPENSSL_NO_PSK */
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
if (!(s->srp_ctx.srp_Mask & SSL_kSRP))
|
||||
{
|
||||
c->mask_a |= SSL_aSRP;
|
||||
c->mask_k |= SSL_kSRP;
|
||||
}
|
||||
#endif
|
||||
c->valid = 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue