Skip to content
Commit 1257adec authored by David Benjamin's avatar David Benjamin Committed by Matt Caswell
Browse files

Tighten up logic around ChangeCipherSpec.



ChangeCipherSpec messages have a defined value. They also may not occur
in the middle of a handshake message. The current logic will accept a
ChangeCipherSpec with value 2. It also would accept up to three bytes of
handshake data before the ChangeCipherSpec which it would discard
(because s->init_num gets reset).

Instead, require that s->init_num is 0 when a ChangeCipherSpec comes in.

RT#4391

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 46417569
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment