sanity check
authorBodo Möller <bodo@openssl.org>
Wed, 13 Aug 2008 19:45:06 +0000 (19:45 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 13 Aug 2008 19:45:06 +0000 (19:45 +0000)
PR: 1679

ssl/s3_pkt.c
ssl/ssl.h
ssl/ssl_err.c

index 07dd4b23d5204b6840c2b01e4af48d449ebafe76..7593ad91959b6be919d964c256e44f43d5eebfcf 100644 (file)
@@ -1302,6 +1302,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        if (s->s3->tmp.key_block == NULL)
                {
+               if (s->session == NULL) 
+                       {
+                       /* might happen if dtls1_read_bytes() calls this */
+                       SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+                       return (0);
+                       }
+
                s->session->cipher=s->s3->tmp.new_cipher;
                if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
                }
index af6702030b38672267f22c8ad1b45781e047fdbd..ab13f0ddc4fa292f357c9a763f4e5fa79006db95 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1822,6 +1822,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CONNECT                              132
 #define SSL_F_SSL3_CTRL                                         213
 #define SSL_F_SSL3_CTX_CTRL                             133
+#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                292
 #define SSL_F_SSL3_ENC                                  134
 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                   238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST              135
index a93cc4c6741c9a012b39571e3bc73d76ea4db373..e8bfd830f94322f2e23bd837a6e5afcb5e6d29c8 100644 (file)
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
 {ERR_FUNC(SSL_F_SSL3_CTRL),    "SSL3_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CTX_CTRL),        "SSL3_CTX_CTRL"},
+{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),   "SSL3_DO_CHANGE_CIPHER_SPEC"},
 {ERR_FUNC(SSL_F_SSL3_ENC),     "SSL3_ENC"},
 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),      "SSL3_GENERATE_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},