[Pkg-openssl-changes] r320 - in openssl/trunk: debian ssl
chrism at alioth.debian.org
Tue Jun 10 13:17:10 UTC 2008
Author: chrism
Date: 2008-06-10 13:17:09 +0000 (Tue, 10 Jun 2008)
New Revision: 320
Modified:
openssl/trunk/debian/changelog
openssl/trunk/ssl/s3_clnt.c
Log:
- Fix denial of service if the 'Server Key exchange message'
is omitted from a TLS handshake which could lead to a client
crash (CVE-2008-1672; Closes: #483379).
This only works if openssl is compiled with enable-tlsext which is
done in Debian.
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2008-06-10 13:16:06 UTC (rev 319)
+++ openssl/trunk/debian/changelog 2008-06-10 13:17:09 UTC (rev 320)
@@ -9,8 +9,13 @@
* include fixes from 10.1 NMB by Security team
- Fix double free in TLS server name extension which leads to a remote
denial of service (CVE-2008-0891; Closes: #483379).
+ - Fix denial of service if the 'Server Key exchange message'
+ is omitted from a TLS handshake which could lead to a client
+ crash (CVE-2008-1672; Closes: #483379).
+ This only works if openssl is compiled with enable-tlsext which is
+ done in Debian.
- -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Jun 2008 12:06:37 +0200
+ -- Christoph Martin <christoph.martin at uni-mainz.de> Tue, 10 Jun 2008 15:07:42 +0200
openssl (0.9.8g-10) unstable; urgency=low
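Review bot: the new changelog entry closes #483379, the same bug number the CVE-2008-0891 entry directly above it already closes; confirm that report tracks both CVEs, otherwise cite the bug filed for CVE-2008-1672 so the second fix is not left without its own reference.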
Modified: openssl/trunk/ssl/s3_clnt.c
===================================================================
--- openssl/trunk/ssl/s3_clnt.c 2008-06-10 13:16:06 UTC (rev 319)
+++ openssl/trunk/ssl/s3_clnt.c 2008-06-10 13:17:09 UTC (rev 320)
@@ -1967,6 +1967,13 @@
{
DH *dh_srvr,*dh_clnt;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp;
else
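Review bot: the NULL guard is added only inside the DH branch (right after `DH *dh_srvr,*dh_clnt;`), so any other key-exchange branch of ssl3_send_client_key_exchange that dereferences s->session->sess_cert before its own check remains unprotected; either add the same guard there or move the check once to the top of the function so every branch is covered. The `goto err` also relies on an `err:` label further down that the hunk does not show; confirm it exists and returns the error path (the alert is already sent here, so it must not send a second one).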
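Added example (not part of this commit, and not OpenSSL's code): a small Python 3 harness that plays the server side of the handshake the log entry describes. It answers a ClientHello with ServerHello followed directly by ServerHelloDone, never sends ServerKeyExchange, and reports how the client reacts. Assumptions: the guard above sits in the DH branch of ssl3_send_client_key_exchange and sess_cert is only filled in from a Certificate or ServerKeyExchange message, so the harness negotiates an anonymous DH suite (the client has to offer one, e.g. `openssl s_client -connect 127.0.0.1:4433 -cipher aNULL`); the port, the suite table and the response classification are my own choices; the record and handshake layout follows RFC 2246 (TLS 1.0).

```python
"""Added example, not from this commit or from OpenSSL: a server that omits
ServerKeyExchange to check how a TLS client copes (see CVE-2008-1672 log)."""
import socket
import struct

# Anonymous DH suites (RFC 2246 / RFC 3268 code points). Assumption: the
# client must offer one of these so that no Certificate message is expected.
ANON_DH_SUITES = {
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
}

ALERT_UNEXPECTED_MESSAGE = 10   # SSL_AD_UNEXPECTED_MESSAGE, sent by the fix


def record(content_type, body, version=b"\x03\x01"):
    """Wrap a body in a TLS record header: type(1) version(2) length(2)."""
    return bytes([content_type]) + version + struct.pack("!H", len(body)) + body


def handshake(msg_type, body):
    """Wrap a body in a handshake header: type(1) length(3)."""
    return bytes([msg_type]) + struct.pack("!I", len(body))[1:] + body


def parse_client_hello(data):
    """Return (client_version, [cipher suites]) from one ClientHello record."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4                                   # skip handshake header
    version = hs[p:p + 2]
    p += 2 + 32                             # client_version, client random
    sid_len = hs[p]
    p += 1 + sid_len                        # session id
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    return version, suites


def build_server_hello(cipher_suite, server_random=bytes(32)):
    """ServerHello: version, random, empty session id, one suite, null compression."""
    body = (b"\x03\x01" + server_random + b"\x00"
            + struct.pack("!H", cipher_suite) + b"\x00")
    return record(0x16, handshake(0x02, body))


# ServerHelloDone has an empty body; sending it right after ServerHello is the
# omission the changelog describes (no ServerKeyExchange in between).
SERVER_HELLO_DONE = record(0x16, handshake(0x0E, b""))


def classify_response(data):
    """Describe the first record the client sends back after ServerHelloDone."""
    if not data:
        return "no response: connection closed (an unfixed client may have crashed)"
    if data[0] == 0x15 and len(data) >= 7:          # alert record
        level, desc = data[5], data[6]
        if desc == ALERT_UNEXPECTED_MESSAGE:
            return "alert unexpected_message: client refused to continue (fixed behaviour)"
        return "alert level=%d description=%d" % (level, desc)
    if data[0] == 0x16 and len(data) >= 6 and data[5] == 0x10:
        return "ClientKeyExchange: client proceeded without ServerKeyExchange"
    return "unexpected record type 0x%02x" % data[0]


def serve_once(host="127.0.0.1", port=4433):
    """Accept one client, run the truncated handshake, return the verdict."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            _, suites = parse_client_hello(conn.recv(16384))
            chosen = next((s for s in suites if s in ANON_DH_SUITES), None)
            if chosen is None:
                raise SystemExit("client offered no anonymous DH suite")
            conn.sendall(build_server_hello(chosen) + SERVER_HELLO_DONE)
            try:
                reply = conn.recv(4096)
            except (socket.timeout, ConnectionResetError):
                reply = b""
            return classify_response(reply)


if __name__ == "__main__":
    print(serve_once())
```

Start the harness, then connect with `openssl s_client -connect 127.0.0.1:4433 -cipher aNULL`. A client carrying the guard above answers with a fatal unexpected_message alert (the alert the hunk sends) and exits with an error; a client without it reaches the DH branch with sess_cert unset and the harness only sees the connection drop.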