Fix SRP ciphersuite DoS vulnerability. If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: Tim Hudson <tjh@openssl.org>

commit: 80bd7b41b30af6ee96f519e629463583318de3b0 [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Fri Jul 25 00:50:06 2014 +0100
committer: Matt Caswell <matt@openssl.org> Wed Aug 06 20:36:41 2014 +0100
tree: 827671d277fa089328058964009069671ead5157
parent: fb0bc2b273bcc2d5401dd883fe869af4fc74bb21 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 749d88d..3616c0a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -1088,6 +1088,13 @@
 		c->mask_k |= SSL_kPSK;
 		}
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+	if (!(s->srp_ctx.srp_Mask & SSL_kSRP))
+		{
+		c->mask_a |= SSL_aSRP;
+		c->mask_k |= SSL_kSRP;
+		}
+#endif
 	c->valid = 1;
 	}
commit	80bd7b41b30af6ee96f519e629463583318de3b0	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Fri Jul 25 00:50:06 2014 +0100
committer	Matt Caswell <matt@openssl.org>	Wed Aug 06 20:36:41 2014 +0100
tree	827671d277fa089328058964009069671ead5157
parent	fb0bc2b273bcc2d5401dd883fe869af4fc74bb21 [diff] [blame]