author | Matt Caswell <matt@openssl.org> | 2015-03-02 10:27:10 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-19 12:11:02 +0100 |
commit | 1d2a18dc5a3b3363e17db5af8b6b0273856ac077 (patch) | |
tree | bcf2a22522fb21ec678e0fb38eb645216e2bd5bc /ssl | |
parent | Configure: fold related configurations more aggressively and clean-up. (diff) | |

Multiblock corrupted pointer fix

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_pkt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 66fa9d1d16..cf02e49f76 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -804,7 +804,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = ssl3_write_pending(s, type, &buf[tot], nw); if (i <= 0) { - if (i < 0) { + if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { OPENSSL_free(wb->buf); wb->buf = NULL; } |
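
Review bot: the new test in ssl3_write_bytes, `if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio)))`, has no comment explaining why wb->buf is kept on a retryable error, and the reason cannot be read off the condition itself. A short comment above it, saying that the buffer is freed only on a fatal write error because a non-blocking retry still needs it, would stop a later cleanup from simplifying the check back to `i < 0`. The same comment should note that a NULL s->wbio is deliberately treated as fatal, since the `!s->wbio` arm is what lets the free proceed in that case and also guards the BIO_should_retry call.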