[openssl-commits] [openssl] OpenSSL_1_0_0-stable update

Matt Caswell matt at openssl.org
Tue Jun 2 08:19:07 UTC 2015

The branch OpenSSL_1_0_0-stable has been updated
       via  98377858d14e6582c6dbca4a8bee8c9972ec0a7c (commit)
      from  aaa654d607f85cbab320e712377a8a345fa1158c (commit)

- Log -----------------------------------------------------------------
commit 98377858d14e6582c6dbca4a8bee8c9972ec0a7c
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 9 16:09:04 2015 +0000

    Clear state in DTLSv1_listen

    This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from
    the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
    was CVE-2015-0207. For other branches there is no known security issue, but
    this is being backported as a precautionary measure.

    The DTLSv1_listen function is intended to be stateless and processes
    the initial ClientHello from many peers. It is common for user code to
    loop over the call to DTLSv1_listen until a valid ClientHello is received
    with an associated cookie. A defect in the implementation of DTLSv1_listen
    means that state is preserved in the SSL object from one invocation to the

    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615)


Summary of changes:
 ssl/d1_lib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index f494e04..6e8b7d4 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -481,6 +481,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
     int ret;
+    /* Ensure there is no state left over from a previous invocation */
+    SSL_clear(s);
     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
     s->d1->listen = 1;
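
Review bot: The return value of SSL_clear(s) is discarded on the new line at the top of dtls1_listen. SSL_clear returns 0 on failure, and in that case the function goes on to SSL_set_options and s->d1->listen = 1 with an SSL object that may still hold state from the previous invocation, which is the condition this change is meant to rule out. Consider "if (!SSL_clear(s)) return -1;" so a failed reset is reported to the caller instead of being silently ignored.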
