From b27973b2f58870488a05a1a3704f150a9d3af785 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 29 Jul 2014 21:23:30 +0100
Subject: [PATCH 12/16] Fix SRP ciphersuite DoS vulnerability.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-5139
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/s3_clnt.c | 9 +++++++++
 ssl/ssl_lib.c | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index df05f78..0aba7e5 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -954,6 +954,15 @@ int ssl3_get_server_hello(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
 		goto f_err;
 		}
+#ifndef OPENSSL_NO_SRP
+	if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+		goto f_err;
+		}
+#endif /* OPENSSL_NO_SRP */
 	p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
 	sk=ssl_get_ciphers_by_id(s);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ef6258c..82a2c80 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1406,6 +1406,11 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		    s->psk_client_callback == NULL)
 			continue;
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+		if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
+		    continue;
+#endif /* OPENSSL_NO_SRP */
 		j = put_cb(c,p);
 		p+=j;
 		}
-- 
2.0.1