From f338c2e0c2ce1e89cf8eba2d38878081f46b9dce Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 25 Jul 2014 00:50:06 +0100 Subject: [PATCH] Fix SRP ciphersuite DoS vulnerability. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: Tim Hudson --- ssl/t1_lib.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9e5927f826..ba2d9ae8f0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1086,6 +1086,13 @@ void ssl_set_client_disabled(SSL *s) c->mask_k |= SSL_kPSK; } #endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_SRP + if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) + { + c->mask_a |= SSL_aSRP; + c->mask_k |= SSL_kSRP; + } +#endif c->valid = 1; } -- 2.40.0