Permalink
Browse files

Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <levitte@openssl.org>
  • Loading branch information...
mattcaswell committed Mar 10, 2015
1 parent 34e3edb commit d3cc5e610d1719a35cda52c9152134b490a8c944
Showing with 9 additions and 2 deletions.
  1. +9 −2 ssl/s3_srvr.c
@@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s)
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
int idx = -1;
EVP_PKEY *skey = NULL;
if (n)
if (n > 1) {
n2s(p, i);
else
} else {
if (alg_k & SSL_kDHE) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto f_err;
}
i = 0;
}
if (n && n != i + 2) {
if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,

0 comments on commit d3cc5e6

Please sign in to comment.