
Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)

Prepare for 0.9.6m tagging and release

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
iamamoose committed Mar 17, 2004
1 parent 8b3b01a commit 8ccf402239a07d23ab308c9dc11bfbe59bad3e65
Showing with 26 additions and 10 deletions.
  1. +4 −2 CHANGES
  2. +1 −1 FAQ
  3. +1 −1 LICENSE
  4. +4 −0 NEWS
  5. +2 −2 README
  6. +3 −1 STATUS
  7. +2 −2 crypto/opensslv.h
  8. +1 −1 openssl.spec
  9. +8 −0 ssl/s3_pkt.c
@@ -2,9 +2,11 @@
OpenSSL CHANGES
_______________
Changes between 0.9.6l and 0.9.6m [xx XXX xxxx]
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
*)
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
[Joe Orton, Steve Henson]
Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
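Review bot: The new 0.9.6m entry names do_change_cipher_spec() and CAN-2004-0079 but does not state the impact or where the guard was added. NEWS in this same commit calls it a "null-pointer bug leading to crash"; say so here as well, and note that the check is made in ssl3_read_bytes() (ssl/s3_pkt.c) before do_change_cipher_spec() is called, so anyone backporting knows which file to look at. The credit line reads [Joe Orton, Steve Henson] while the commit message lists Henson as submitter and Orton as reviewer; confirm the order is intended.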
2 FAQ
@@ -63,7 +63,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7c was released on September 30, 2003.
OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
4 NEWS
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.6l and OpenSSL 0.9.6m:
o Security: fix null-pointer bug leading to crash
Major changes between OpenSSL 0.9.6k and OpenSSL 0.9.6l:
o Security: fix ASN1 bug leading to large recursion
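Review bot: The 0.9.6m item "Security: fix null-pointer bug leading to crash" carries no identifier. CHANGES references CAN-2004-0079 for the same fix; add it here so a reader who only checks NEWS can match the release to the advisory, and say that the crash is in ChangeCipherSpec handling rather than leaving it as a generic null-pointer bug.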
4 README
@@ -1,7 +1,7 @@
OpenSSL 0.9.6l 04 Nov 2003
OpenSSL 0.9.6m 17 Mar 2004
Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1998-2004 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
4 STATUS
@@ -1,14 +1,16 @@
OpenSSL STATUS Last modified at
______________ $Date: 2003/11/04 11:30:38 $
______________ $Date: 2004/03/17 11:40:42 $
DEVELOPMENT STATE
o OpenSSL 0.9.8: Under development...
o OpenSSL 0.9.7d: Released on March 17th, 2004
o OpenSSL 0.9.7c: Released on September 30th, 2003
o OpenSSL 0.9.7b: Released on April 10th, 2003
o OpenSSL 0.9.7a: Released on February 19th, 2003
o OpenSSL 0.9.7: Released on December 31st, 2002
o OpenSSL 0.9.6m: Released on March 17th, 2004
o OpenSSL 0.9.6l: Released on November 4th, 2003
o OpenSSL 0.9.6k: Released on September 30th, 2003
o OpenSSL 0.9.6j: Released on April 10th, 2003
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x009060d0L
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6m-dev xx XXX xxxx"
#define OPENSSL_VERSION_NUMBER 0x009060dfL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6m 17 Mar 2004"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 6
%define librev l
%define librev m
Release: 1
%define openssldir /var/ssl
@@ -1079,6 +1079,14 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
goto err;
}
/* Check we have a cipher to change to */
if (s->s3->tmp.new_cipher == NULL)
{
i=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
goto err;
}
rr->length=0;
s->s3->change_cipher_spec=1;
if (!do_change_cipher_spec(s))
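Review bot: The SSLerr() call in the new NULL check passes SSL_F_SSL3_GET_CERT_VERIFY as the function code, but the hunk header shows this code lives in ssl3_read_bytes(), so the error queue will attribute SSL_R_CCS_RECEIVED_EARLY to the wrong function; use SSL_F_SSL3_READ_BYTES. Second, the block sets i=SSL_AD_UNEXPECTED_MESSAGE and then does goto err: please confirm that the err path actually sends the alert held in i, otherwise the assignment is dead and the peer gets no unexpected_message alert before the connection fails. The placement of the check is right, ahead of s->s3->change_cipher_spec=1 and the do_change_cipher_spec(s) call, so the function is never entered with s->s3->tmp.new_cipher still NULL.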
