[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Tue Jun 2 08:18:56 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 (commit)
from f3e85f43598a1511b72c3813a71e403f19ddf458 (commit)
- Log -----------------------------------------------------------------
commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615
Author: Matt Caswell <matt at openssl.org>
Date: Mon Mar 9 16:09:04 2015 +0000
Clear state in DTLSv1_listen
This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.
The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_lib.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 94acb15..011d7b7 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
{
int ret;
+ /* Ensure there is no state left over from a previous invocation */
+ SSL_clear(s);
+
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
s->d1->listen = 1;
More information about the openssl-commits
mailing list