]> git.ipfire.org Git - thirdparty/openssl.git/commit
Fix reachable assert in SSLv2 servers.
authorEmilia Kasper <emilia@openssl.org>
Wed, 4 Mar 2015 17:05:02 +0000 (09:05 -0800)
committerMatt Caswell <matt@openssl.org>
Thu, 19 Mar 2015 13:00:45 +0000 (13:00 +0000)
commit65c588c140c5c1c349d69abfea1b92c52fe35d0b
treecfdad58b276eebab8b0caae609b131bcc33996e1
parent544e3e3b69d080ee87721bd03c37b4d450384fb9
Fix reachable assert in SSLv2 servers.

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/s2_lib.c
ssl/s2_srvr.c