From f338c2e0c2ce1e89cf8eba2d38878081f46b9dce Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 25 Jul 2014 00:50:06 +0100
Subject: [PATCH] Fix SRP ciphersuite DoS vulnerability.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/t1_lib.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9e5927f826..ba2d9ae8f0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1086,6 +1086,13 @@ void ssl_set_client_disabled(SSL *s)
 		c->mask_k |= SSL_kPSK;
 		}
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+	if (!(s->srp_ctx.srp_Mask & SSL_kSRP))
+		{
+		c->mask_a |= SSL_aSRP;
+		c->mask_k |= SSL_kSRP;
+		}
+#endif
 	c->valid = 1;
 	}
 
-- 
2.34.1