Avoid a NULL dereference in the DTLS client that can be triggered by a

crafted server response used in conjunction with an anonymous DH or anonymous ECDH ciphersuite. Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in copied code. Reported by Felix Groebert of the Google Security Team. ok beck@ miod@
robertbachmann · 3382f504da7a17b786828e0d2808bb5685689247 · jsing committed Nov 27, 2014 · Nov 27, 2014 · 3382f50
1 parent 04b7f2e
commit 3382f504da7a17b786828e0d2808bb5685689247
Unified Split

Showing with 9 additions and 1 deletion.

+9 −1 src/ssl/d1_clnt.c
diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.36 2014/10/18 16:13:16 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.37 2014/11/16 14:12:47 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -934,6 +934,14 @@ dtls1_send_client_key_exchange(SSL *s)
 
 		alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
+		if (s->session->sess_cert == NULL) {
+			ssl3_send_alert(s, SSL3_AL_FATAL,
+			    SSL_AD_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+			    ERR_R_INTERNAL_ERROR);
+			goto err;
+		}
+
 		if (alg_k & SSL_kRSA) {
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];