Commit 80bd7b41 authored Jul 25, 2014 by Dr. Stephen Henson Committed by Matt Caswell Aug 06, 2014

Fix SRP ciphersuite DoS vulnerability.



If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>

parent fb0bc2b2

ssl/t1_lib.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -1088,6 +1088,13 @@ void ssl_set_client_disabled(SSL *s)
		c->mask_k \|= SSL_kPSK;
		}
		#endif /* OPENSSL_NO_PSK */
		#ifndef OPENSSL_NO_SRP
		if (!(s->srp_ctx.srp_Mask & SSL_kSRP))
		{
		c->mask_a \|= SSL_aSRP;
		c->mask_k \|= SSL_kSRP;
		}
		#endif
		c->valid = 1;
		}