Additional CVE-2014-0224 protection.

Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index d0f3c764a3aa2777a8cc1983d7696fab334e8c50..ccd82df31401e6345785bc47afa4d3142f1f92b0 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1632,7 +1632,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        if (s->s3->tmp.key_block == NULL)
                {
-               if (s->session == NULL) 
+               if (s->session == NULL || s->session->master_key_length == 0)
                        {
                        /* might happen if dtls1_read_bytes() calls this */
                        SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);