Fix DHE Null CKE vulnerability

If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: N Richard Levitte <levitte@openssl.org>

Fix DHE Null CKE vulnerability
If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: N Richard Levitte <levitte@openssl.org>
d3cc5e61 · Matt Caswell · 34e3edbf · d3cc5e61
隐藏空白更改
内联并排

Showing with 9 addition and 2 deletion

ssl/s3_srvr.c ssl/s3_srvr.c +9 -2

未找到文件。
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s)
    if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
        int idx = -1;
        EVP_PKEY *skey = NULL;
-        if (n)
+        if (n > 1) {
            n2s(p, i);
-        else
+        } else {
+            if (alg_k & SSL_kDHE) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+                goto f_err;
+            }
            i = 0;
+        }
        if (n && n != i + 2) {
            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,