Fix Seg fault in DTLSv1_listen

The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next that can lead to a segmentation fault. Erorrs processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
server.

CVE-2015-0207

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 626cecbcbf65fe2d6c0cb2d1f8f6a5dfbcce819d..e9a2fc5bf85c81536b2ad45207381df1ecda4f28 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -546,6 +546,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 {
     int ret;
 
+    /* Ensure there is no state left over from a previous invocation */
+    SSL_clear(s);
+
     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
     s->d1->listen = 1;