aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_clnt.c
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2013-04-02 17:34:42 +0000
committerXin LI <delphij@FreeBSD.org>2013-04-02 17:34:42 +0000
commit0d9d75b124880ee5a3aeb5c2af92a04340c02bef (patch)
tree953639ad57c000dc6351819b4798541490d39802 /crypto/openssl/ssl/s3_clnt.c
parent660eb4006e69a82831062be4a4af070afccf64bc (diff)
downloadsrc-releng/9.0.tar.gz
src-releng/9.0.zip
Fix OpenSSL multiple vulnerabilities. [13:03]releng/9.0
Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Approved by: so
Notes
Notes: svn path=/releng/9.0/; revision=249029
Diffstat (limited to 'crypto/openssl/ssl/s3_clnt.c')
-rw-r--r--crypto/openssl/ssl/s3_clnt.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index a7cb7a1ebf30..a17beb8a3bf8 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -262,7 +262,16 @@ int ssl3_connect(SSL *s)
ret=ssl3_get_server_hello(s);
if (ret <= 0) goto end;
if (s->hit)
+ {
s->state=SSL3_ST_CR_FINISHED_A;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_ticket_expected)
+ {
+ /* receive renewed session ticket */
+ s->state=SSL3_ST_CR_SESSION_TICKET_A;
+ }
+#endif
+ }
else
s->state=SSL3_ST_CR_CERT_A;
s->init_num=0;
@@ -878,7 +887,7 @@ int ssl3_get_server_hello(SSL *s)
/* wrong packet length */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
- goto err;
+ goto f_err;
}
return(1);
@@ -1713,7 +1722,7 @@ int ssl3_get_new_session_ticket(SSL *s)
if (n < 6)
{
/* need at least ticket_lifetime_hint + ticket length */
- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
@@ -1724,7 +1733,7 @@ int ssl3_get_new_session_ticket(SSL *s)
/* ticket_lifetime_hint + ticket_length + ticket */
if (ticklen + 6 != n)
{
- al = SSL3_AL_FATAL,SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
goto f_err;
}