Fix SRP ciphersuite DoS vulnerability.
If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
snhenson authored and mattcaswell committed Aug 6, 2014
1 parent fb0bc2b commit 80bd7b4
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions ssl/t1_lib.c
Expand Up @@ -1088,6 +1088,13 @@ void ssl_set_client_disabled(SSL *s)
c->mask_k |= SSL_kPSK;
}
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
if (!(s->srp_ctx.srp_Mask & SSL_kSRP))
{
c->mask_a |= SSL_aSRP;
c->mask_k |= SSL_kSRP;
}
#endif
c->valid = 1;
}
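
Review bot: The added SRP block in ssl_set_client_disabled() carries no comment explaining why a clear SSL_kSRP bit in s->srp_ctx.srp_Mask means SRP was not set up, and the fix relies entirely on that bit being set somewhere this hunk does not show. A one-line comment above the `if` naming where srp_Mask gains SSL_kSRP would make that invariant checkable by the next reader. The change masks SSL_aSRP and SSL_kSRP so the client stops using those suites, while the commit message describes a null pointer read; since this one-file, seven-line change leaves the read itself untouched, consider also a NULL check at the point of the read as defence in depth, plus a regression test for a client with SRP suites enabled but no SRP parameters configured. Style: the closing `#endif` lacks the `/* OPENSSL_NO_SRP */` trailer that the PSK block directly above uses.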
