Commit 9cc3e8f1 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Fix SSLv2-compatible ClientHello processing. 



If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 2aa815c3

ssl/s3_srvr.c

+3 −1
Original line number Diff line number Diff line
@@ -1057,7 +1057,9 @@ int ssl3_get_client_hello(SSL *s) 
        /* Load the client random */

        i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;

        memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE);

        if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i)

        if (!PACKET_peek_copy_bytes(&pkt,

                                    s->s3->client_random + SSL3_RANDOM_SIZE - i,

                                    i)

                || !PACKET_forward(&pkt, cl)

                || PACKET_remaining(&pkt) != 0) {

            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH);