Loading CHANGES +10 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,16 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) In ssl23_get_client_hello, generate an error message when faced with an initial SSL 3.0/TLS record that is too small to contain the first two bytes of the ClientHello message, i.e. client_version. (Note that this is a pathologic case that probably has never happened in real life.) The previous approach was to use the version number from the record header as a subsitute; but our protocol choice should not depend on that one because it is not authenticated by the Finished messages. [Bodo Moeller] *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is not set then we don't setup the error code for issuer check errors to avoid possibly overwriting other errors which the callback does Loading ssl/s23_srvr.c +13 −8 Original line number Diff line number Diff line Loading @@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ v[0]=p[1]; /* major version */ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message * to get the correct minor version: */ v[1]=p[10]; /* However if we have only a pathologically small fragment of the * Client Hello message, we simply use the version from the * record header -- this is incorrect but unlikely to fail in * practice */ * to get the correct minor version. * However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have * to read at least one additional record to find out. * This doesn't usually happen in real life, so we just complain * for now. */ if (p[3] == 0 && p[4] < 6) v[1]=p[2]; { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; } v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) Loading ssl/ssl.h +1 −0 Original line number Diff line number Diff line Loading @@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_SMALL 1093 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 Loading ssl/ssl_err.c +1 −0 Original line number Diff line number Diff line Loading @@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, {SSL_R_RECORD_TOO_LARGE ,"record too large"}, {SSL_R_RECORD_TOO_SMALL ,"record too small"}, {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, Loading Loading
CHANGES +10 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,16 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] *) In ssl23_get_client_hello, generate an error message when faced with an initial SSL 3.0/TLS record that is too small to contain the first two bytes of the ClientHello message, i.e. client_version. (Note that this is a pathologic case that probably has never happened in real life.) The previous approach was to use the version number from the record header as a subsitute; but our protocol choice should not depend on that one because it is not authenticated by the Finished messages. [Bodo Moeller] *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is not set then we don't setup the error code for issuer check errors to avoid possibly overwriting other errors which the callback does Loading
ssl/s23_srvr.c +13 −8 Original line number Diff line number Diff line Loading @@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ v[0]=p[1]; /* major version */ v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message * to get the correct minor version: */ v[1]=p[10]; /* However if we have only a pathologically small fragment of the * Client Hello message, we simply use the version from the * record header -- this is incorrect but unlikely to fail in * practice */ * to get the correct minor version. * However if we have only a pathologically small fragment of the * Client Hello message, this would be difficult, we'd have * to read at least one additional record to find out. * This doesn't usually happen in real life, so we just complain * for now. */ if (p[3] == 0 && p[4] < 6) v[1]=p[2]; { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; } v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) Loading
ssl/ssl.h +1 −0 Original line number Diff line number Diff line Loading @@ -1471,6 +1471,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 #define SSL_R_RECORD_TOO_SMALL 1093 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 Loading
ssl/ssl_err.c +1 −0 Original line number Diff line number Diff line Loading @@ -327,6 +327,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, {SSL_R_RECORD_TOO_LARGE ,"record too large"}, {SSL_R_RECORD_TOO_SMALL ,"record too small"}, {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, Loading
