Additional CVE-2014-0224 protection.

Return a fatal error if an attempt is made to use a zero length master secret. (Imported from upstream's 9d2c9dd1e1a452939a733b638d180bb308ce72a9)
2014-06-20 12:00:00 -07:00 · 2014-06-20 12:00:00 -07:00 · ec48ffc1fe
commit ec48ffc1fe
parent 895780572b
1 changed files with 1 additions and 1 deletions
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@ -1458,7 +1458,7 @@ int ssl3_do_change_cipher_spec(SSL *s)

 	if (s->s3->tmp.key_block == NULL)
 		{
-		if (s->session == NULL) 
+		if (s->session == NULL || s->session->master_key_length == 0)
 			{
 			/* might happen if dtls1_read_bytes() calls this */
 			OPENSSL_PUT_ERROR(SSL, ssl3_do_change_cipher_spec, SSL_R_CCS_RECEIVED_EARLY);