Additional CVE-2014-0224 protection.
[openssl.git] / ssl / s3_pkt.c
index 5efc03e5ec64ca886131bd45d73f5fa544a85d92..34eb2b442331f7cdee5d1fa17f3567bcfb380623 100644 (file)
@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        if (s->s3->tmp.key_block == NULL)
                {
-               if (s->session == NULL
+               if (s->session == NULL || s->session->master_key_length == 0)
                        {
                        /* might happen if dtls1_read_bytes() calls this */
                        SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);