diff options
| author | Guy Leaver (guleaver) <guleaver@cisco.com> | 2015-08-07 15:45:21 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-08-11 19:57:01 +0100 |
| commit | 61e72d761c945e128ca13599a98a187ac23650dd (patch) | |
| tree | 0b44d9a8ab9565b493f6281db36ac0aa15bd4b0e /include/openssl | |
| parent | 870063c83db6514b0cb637b86cadbc9f5c2270a9 (diff) | |
| download | openssl-61e72d761c945e128ca13599a98a187ac23650dd.zip openssl-61e72d761c945e128ca13599a98a187ac23650dd.tar.gz openssl-61e72d761c945e128ca13599a98a187ac23650dd.tar.bz2 | |
Fix seg fault with 0 p val in SKE
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)
The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.
CVE-2015-1794
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'include/openssl')
| -rw-r--r-- | include/openssl/ssl.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4958e89..28c2fb9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2107,8 +2107,11 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 # define SSL_R_BAD_DECOMPRESSION 107 # define SSL_R_BAD_DH_G_LENGTH 108 +# define SSL_R_BAD_DH_G_VALUE 375 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 # define SSL_R_BAD_DH_P_LENGTH 110 +# define SSL_R_BAD_DH_P_VALUE 395 # define SSL_R_BAD_DIGEST_LENGTH 111 # define SSL_R_BAD_DSA_SIGNATURE 112 # define SSL_R_BAD_ECC_CERT 304 |