kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix CVE-2014-0221

Browse Source 
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without
recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.

(Imported from upstream's 8942b92c7cb5fa144bd79b7607b459d0b777164c)
This commit is contained in:
Adam Langley 2014-06-20 12:00:00 -07:00
parent d06eddd15c
commit 895780572b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/d1_both.c
View File

@ -792,6 +792,7 @@ dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok)
int i,al;
struct hm_header_st msg_hdr;
redo:
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
@ -850,8 +851,7 @@ dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok)
s->msg_callback_arg);
s->init_num = 0;
return dtls1_get_message_fragment(s, stn,
max, ok);
goto redo;
}
else /* Incorrectly formated Hello request */
{