Google Git
Sign in
flutter/third_party/openssl/a5362db4603910b1bb978163e0e7dc8890727300^!/./ssl/s3_clnt.c
commit
a5362db4603910b1bb978163e0e7dc8890727300
[log]
author
Dr. Stephen Henson <steve@openssl.org>
Thu May 29 15:00:05 2014 +0100
committer
Dr. Stephen Henson <steve@openssl.org>
Thu Jun 05 13:21:50 2014 +0100
tree
98c8aa969de27807d5edfb4b472493863dc45541
parent
d86689e1d96a7f55f8266a2b8fee623fbba4b07d [diff] [blame]
Fix CVE-2014-3470

Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56e39a433b1837465259a9bd24a38727fb)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 9a0b1bd..5fc9069 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -2712,6 +2712,13 @@
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
 
+			if (s->session->sess_cert == NULL) 
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			/* Did we send out the client's
 			 * ECDH share for use in premaster
 			 * computation as part of client certificate?