Fix for CVE-2015-0291

If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.

Thanks to David Ramos of Stanford University for reporting this bug.

CVE-2015-0291

Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
	ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6e991e093830ca6579f188905a6665a4a2d9157a..d85d26e596d935d0298245c3bbb68a5d53218291 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2967,6 +2967,7 @@ int tls1_set_server_sigalgs(SSL *s)
     if (s->cert->shared_sigalgs) {
         OPENSSL_free(s->cert->shared_sigalgs);
         s->cert->shared_sigalgs = NULL;
+        s->cert->shared_sigalgslen = 0;
     }
     /* Clear certificate digests and validity flags */
     for (i = 0; i < SSL_PKEY_NUM; i++) {
@@ -3620,6 +3621,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
     if (c->shared_sigalgs) {
         OPENSSL_free(c->shared_sigalgs);
         c->shared_sigalgs = NULL;
+        c->shared_sigalgslen = 0;
     }
     /* If client use client signature algorithms if not NULL */
     if (!s->server && c->client_sigalgs && !is_suiteb) {
@@ -3642,12 +3644,14 @@ static int tls1_set_shared_sigalgs(SSL *s)
         preflen = c->peer_sigalgslen;
     }
     nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
-    if (!nmatch)
-        return 1;
-    salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-    if (!salgs)
-        return 0;
-    nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
+    if (nmatch) {
+        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+        if (!salgs)
+            return 0;
+        nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
+    } else {
+        salgs = NULL;
+    }
     c->shared_sigalgs = salgs;
     c->shared_sigalgslen = nmatch;
     return 1;