Additional CVE-2014-0224 protection.

Return a fatal error if an attempt is made to use a zero length master secret. (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)

Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length master secret. (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
a7c682fb · Dr. Stephen Henson · b4322e1d · a7c682fb
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/s3_pkt.c ssl/s3_pkt.c +1 -1

未找到文件。
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)

 	if (s->s3->tmp.key_block == NULL)
 		{
-		if (s->session == NULL) 
+		if (s->session == NULL || s->session->master_key_length == 0)
 			{
 			/* might happen if dtls1_read_bytes() calls this */
 			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);