Blame SOURCES/openssl-1.0.1e-cve-2013-4353.patch

2b5643
Fix for TLS record tampering bug. A carefully crafted invalid 
2b5643
handshake could crash OpenSSL with a NULL pointer exception.
2b5643
Thanks to Anton Johansson for reporting this issues.
2b5643
(CVE-2013-4353)
2b5643
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
2b5643
index 1e5dcab..53b9390 100644
2b5643
--- a/ssl/s3_both.c
2b5643
+++ b/ssl/s3_both.c
2b5643
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
2b5643
 	{
2b5643
 	const char *sender;
2b5643
 	int slen;
2b5643
-
2b5643
+	/* If no new cipher setup return immediately: other functions will
2b5643
+	 * set the appropriate error.
2b5643
+	 */
2b5643
+	if (s->s3->tmp.new_cipher == NULL)
2b5643
+		return;
2b5643
 	if (s->state & SSL_ST_CONNECT)
2b5643
 		{
2b5643
 		sender=s->method->ssl3_enc->server_finished_label;