Multiblock corrupted pointer fix
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
mattcaswell committed Mar 19, 2015
1 parent 7ead0c8 commit 1d2a18d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ssl/s3_pkt.c
Expand Up @@ -804,7 +804,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)

i = ssl3_write_pending(s, type, &buf[tot], nw);
if (i <= 0) {
if (i < 0) {
if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
OPENSSL_free(wb->buf);
wb->buf = NULL;
}
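
Review bot: The new condition `i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))` in ssl3_write_bytes() carries no comment explaining why wb->buf is kept when the write should be retried, so a later cleanup could restore the unconditional free that the commit message ties to the NULL write buffer under non-blocking IO. Suggest a short comment above the `if` stating that the buffer must survive a retryable failure and is released only on a hard error or when there is no wbio. The `i == 0` case inside `if (i <= 0)` still skips the free, as it did before, which is worth confirming as intended. A regression test that drives this path with a non-blocking, non-socket BIO would cover the crash case the commit message describes.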