3 files changed: +11 -1 lines changed
Original file line number Diff line number Diff line change 44
55 Changes between 1.0.1e and 1.0.1f [xx XXX xxxx]
66
7+ *) Fix for TLS record tampering bug. A carefully crafted invalid
8+ handshake could crash OpenSSL with a NULL pointer exception.
9+ Thanks to Anton Johansson for reporting this issues.
10+ (CVE-2013-4353)
11+
712 *) Keep original DTLS digest and encryption contexts in retransmission
813 structures so we can use the previous session parameters if they need
914 to be resent. (CVE-2013-6450)
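Review bot: The new CHANGES entry has a grammar slip on its third added line: "reporting this issues" should read "reporting this issue". On the second added line, "NULL pointer exception" would be more precise as "NULL pointer dereference", since the effect described is a crash in C code. The entry also opens with "TLS record tampering bug" while the body describes a crafted invalid handshake; using one description throughout would help readers triaging CVE-2013-4353.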
Original file line number Diff line number Diff line change 77
88 Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [under development]
99
10+ o Fix for TLS record tampering bug CVE-2013-4353
1011 o Fix for TLS version checking bug CVE-2013-6449
1112 o Fix for DTLS retransmission bug CVE-2013-6450
1213
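Review bot: The added NEWS bullet labels CVE-2013-4353 a "TLS record tampering bug", which says nothing about impact, while the CHANGES entry in this same commit describes a crash triggered by a crafted invalid handshake. Suggest wording the bullet so the crash is visible, so that someone scanning NEWS to decide whether to upgrade can judge the severity without opening CHANGES.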
Original file line number Diff line number Diff line change @@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
210210 {
211211 const char * sender ;
212212 int slen ;
213-
213+ /* If no new cipher setup return immediately: other functions will
214+ * set the appropriate error.
215+ */
216+ if (s -> s3 -> tmp .new_cipher == NULL )
217+ return ;
214218 if (s -> state & SSL_ST_CONNECT )
215219 {
216220 sender = s -> method -> ssl3_enc -> server_finished_label ;
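Review bot: The new guard at the top of ssl3_take_mac() returns silently when s->s3->tmp.new_cipher is NULL, and because the function is declared static void the caller cannot tell that no MAC was taken. The comment says "other functions will set the appropriate error" but does not name them, and nothing in this hunk shows that path; suggest naming the function(s) that raise the error in the comment, or changing the return type so callers can check it. The guard also takes the place of the blank line that separated the declarations from the first statement; keeping a blank line after "int slen;" would preserve the existing layout. None of the three files changed is a test, so a regression case in which the handshake reaches this function before a new cipher is set up would be worth adding.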