![Please Enable Javascript]()
{"schema":"libjg2-1",
"vpath":"/git/",
"avatar":"/git/avatar/",
"alang":"",
"gen_ut":1755805205,
"reponame":"openssl",
"desc":"OpenSSL",
"owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl",
"f":3,
"items": [
{"schema":"libjg2-1",
"cid":"cb1fc595760a700b0f9fe50b3bd07f9c",
"commit": {"type":"commit",
"time": 1426770073,
"time_ofs": 0,
"oid_tree": { "oid": "e8f888b240b8e2b8e2e5ed013e3c5e1d71c57d8f", "alias": []},
"oid":{ "oid": "d3cc5e610d1719a35cda52c9152134b490a8c944", "alias": []},
"msg": "Fix DHE Null CKE vulnerability",
"sig_commit": { "git_time": { "time": 1426770073, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" },
"sig_author": { "git_time": { "time": 1426005512, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }},
"body": "Fix DHE Null CKE vulnerability\n\nIf client auth is used then a server can seg fault in the event of a DHE\ncipher being used and a zero length ClientKeyExchange message being sent\nby the client. This could be exploited in a DoS attack.\n\nCVE-2015-1787\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n"
,
"diff": "diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c\nindex e5346b6..f8c7e37 100644\n--- a/ssl/s3_srvr.c\n+++ b/ssl/s3_srvr.c\n@@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s)\n if (alg_k \u0026 (SSL_kDHE | SSL_kDHr | SSL_kDHd)) {\n int idx \u003d -1;\n EVP_PKEY *skey \u003d NULL;\n- if (n)\n+ if (n \u003e 1) {\n n2s(p, i);\n- else\n+ } else {\n+ if (alg_k \u0026 SSL_kDHE) {\n+ al \u003d SSL_AD_HANDSHAKE_FAILURE;\n+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,\n+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);\n+ goto f_err;\n+ }\n i \u003d 0;\n+ }\n if (n \u0026\u0026 n !\u003d i + 2) {\n if (!(s-\u003eoptions \u0026 SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {\n SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,\n","s":{"c":1755805205,"u": 8848}}
],"g": 10512,"chitpc": 0,"ehitpc": 0,"indexed":0
,
"ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}