openssl/openssl-1.0.1e-cve-2013-4353.patch

Fix for TLS record tampering bug. A carefully crafted invalid 
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 1e5dcab..53b9390 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
 	{
 	const char *sender;
 	int slen;
-
+	/* If no new cipher setup return immediately: other functions will
+	 * set the appropriate error.
+	 */
+	if (s->s3->tmp.new_cipher == NULL)
+		return;
 	if (s->state & SSL_ST_CONNECT)
 		{
 		sender=s->method->ssl3_enc->server_finished_label;
Two security fixes - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1 2014-01-07 14:09:40 +00:00			`Fix for TLS record tampering bug. A carefully crafted invalid`
			`handshake could crash OpenSSL with a NULL pointer exception.`
			`Thanks to Anton Johansson for reporting this issues.`
			`(CVE-2013-4353)`
			`diff --git a/ssl/s3_both.c b/ssl/s3_both.c`
			`index 1e5dcab..53b9390 100644`
			`--- a/ssl/s3_both.c`
			`+++ b/ssl/s3_both.c`
			`@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)`
			`{`
			`const char *sender;`
			`int slen;`
			`-`
			`+ /* If no new cipher setup return immediately: other functions will`
			`+ * set the appropriate error.`
			`+ */`
			`+ if (s->s3->tmp.new_cipher == NULL)`
			`+ return;`
			`if (s->state & SSL_ST_CONNECT)`
			`{`
			`sender=s->method->ssl3_enc->server_finished_label;`