root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix for CVE-2014-0195 

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
This commit is contained in:
Dr. Stephen Henson 2014-05-13 18:48:31 +01:00
parent f1f4fbde2a
commit 1632ef7448
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ssl/d1_both.c
View File

@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag->msg_header.frag_off = 0; frag->msg_header.frag_off = 0;
} }
else else
{
frag = (hm_fragment*) item->data; frag = (hm_fragment*) item->data;
if (frag->msg_header.msg_len != msg_hdr->msg_len)
{
item = NULL;
frag = NULL;
goto err;
}
}
/* If message is already reassembled, this must be a /* If message is already reassembled, this must be a
* retransmit and can be dropped. * retransmit and can be dropped.