Multiblock corrupted pointer fix
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64-bit x86 architecture platforms that support
AES-NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However, if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
mattcaswell committed Mar 19, 2015
1 parent 7ead0c8 commit 1d2a18dc5a3b3363e17db5af8b6b0273856ac077
Showing with 1 addition and 1 deletion.
  1. +1 −1 ssl/s3_pkt.c
@@ -804,7 +804,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)

i = ssl3_write_pending(s, type, &buf[tot], nw);
if (i <= 0) {
if (i < 0) {
if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
OPENSSL_free(wb->buf);
wb->buf = NULL;
}
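
Review bot: the changed test in ssl3_write_bytes, `if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio)))`, needs a comment saying why wb->buf has to be kept when the BIO asks for a retry. Without one the extra clause reads like an optimisation and could be simplified back to `if (i < 0)` later. A line above the test along the lines of "keep the buffer on a retryable error, the caller will call again and the pending write still needs it" would do. It is also worth stating that a NULL s->wbio is treated as non-retryable, so the buffer is freed in that case.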
