From 843fc7b6814b1b2383031022e6b86b9fd298d3b8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 16 Feb 2012 15:21:17 +0000 Subject: [PATCH] Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts. --- CHANGES | 5 ++++- ssl/s3_srvr.c | 15 +++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index db908c2c23..59de4639fa 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,10 @@ Changes between 0.9.8t and 0.9.8u [xx XXX xxxx] - *) + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode for discovering this bug. + [Steve Henson] Changes between 0.9.8s and 0.9.8t [18 Jan 2012] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index f6102123d4..5ada1f1550 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -698,14 +698,6 @@ int ssl3_check_client_hello(SSL *s) int ok; long n; - /* We only allow the client to restart the handshake once per - * negotiation. */ - if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) - { - SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); - return -1; - } - /* this function is called when we really expect a Certificate message, * so permit appropriate message length */ n=s->method->ssl_get_message(s, @@ -718,6 +710,13 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.reuse_message = 1; if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { + /* We only allow the client to restart the handshake once per + * negotiation. */ + if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) + { + SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); + return -1; + } /* Throw away what we have done so far in the current handshake, * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH -- 2.34.1