From HEAD:

Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) Reviewed by: openssl-security@openssl.org Obtained from: mark@awe.com
author: Bodo Möller <bodo@openssl.org> 2008-05-28 22:17:34 +0000
committer: Bodo Möller <bodo@openssl.org> 2008-05-28 22:17:34 +0000
commit: e194fe8f47a5bdc7a9eab19b4d387d00c410e633 (patch)
tree: a56ac06e08b50d862dbe66cbd9389183ada44740 /ssl/s3_clnt.c
parent: 40a706286febe0279336c96374c607daaa1b1d49 (diff)
download: openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.zip
openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.tar.gz
openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4ca47fa..23875f0 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2143,6 +2143,13 @@ int ssl3_send_client_key_exchange(SSL *s)
 			{
 			DH *dh_srvr,*dh_clnt;
 
+			if (s->session->sess_cert == NULL) 
+				{
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+				goto err;
+				}
+
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else
author	Bodo Möller <bodo@openssl.org>	2008-05-28 22:17:34 +0000
committer	Bodo Möller <bodo@openssl.org>	2008-05-28 22:17:34 +0000
commit	e194fe8f47a5bdc7a9eab19b4d387d00c410e633 (patch)
tree	a56ac06e08b50d862dbe66cbd9389183ada44740 /ssl/s3_clnt.c
parent	40a706286febe0279336c96374c607daaa1b1d49 (diff)
download	openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.zip openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.tar.gz openssl-e194fe8f47a5bdc7a9eab19b4d387d00c410e633.tar.bz2