Fix SRP ciphersuite DoS vulnerability.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 29 Jul 2014 20:23:30 +0000 (21:23 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:27:51 +0000 (20:27 +0100)
If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/s3_clnt.c
ssl/ssl_lib.c

index df05f78..0aba7e5 100644 (file)
@@ -954,6 +954,15 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
                goto f_err;
                }
+#ifndef OPENSSL_NO_SRP
+       if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+                   !(s->srp_ctx.srp_Mask & SSL_kSRP))
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+               goto f_err;
+               }
+#endif /* OPENSSL_NO_SRP */
        p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
        sk=ssl_get_ciphers_by_id(s);
index ef6258c..82a2c80 100644 (file)
@@ -1406,6 +1406,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
                    s->psk_client_callback == NULL)
                        continue;
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+               if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+                   !(s->srp_ctx.srp_Mask & SSL_kSRP))
+                   continue;
+#endif /* OPENSSL_NO_SRP */
                j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
                p+=j;
                }