Commit d3cc5e61 authored by Matt Caswell's avatar Matt Caswell

Fix DHE Null CKE vulnerability



If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 34e3edbf
+9 −2
@@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s)
    if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {
        int idx = -1;
        EVP_PKEY *skey = NULL;
        if (n)
        if (n > 1) {
            n2s(p, i);
        else
        } else {
            if (alg_k & SSL_kDHE) {
                al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
                goto f_err;
            }
            i = 0;
        }
        if (n && n != i + 2) {
            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
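Review bot: A one-byte body (`n == 1`) now takes the new `else` branch, and for the fixed-DH suites (`SSL_kDHr`/`SSL_kDHd`) it is treated like an empty message: `i = 0` is set without `n2s` ever advancing `p`. It is then left to the following `if (n && n != i + 2)` check, whose `SSL_OP_SSLEAY_080_CLIENT_DH_BUG` compatibility branch continues outside this hunk, so it cannot be confirmed from here that that path copes with a pointer that was never moved past a length prefix. Since a body too short to hold the two-byte length is malformed for every DH variant, I would reject it at the point of detection: `if (n == 1 || (alg_k & SSL_kDHE)) {`. A short comment on the `else` would also help, e.g. `/* An empty CKE is only valid for fixed DH, where the client's public value comes from its certificate */`. The body of ssl3_get_client_key_exchange starts and ends outside the hunk.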