diff options
author | Bodo Möller <bodo@openssl.org> | 2000-09-22 21:39:33 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2000-09-22 21:39:33 +0000 |
commit | f1192b7f2e2b6683333ee99ff7def5bb413dc3d2 (patch) | |
tree | 817d5d6087958de805c73db1b910d239300620ce /ssl/s23_srvr.c | |
parent | dbba890cf11f5ec1e44166a51e0a4062ccdc5279 (diff) |
Avoid protocol rollback.
Diffstat (limited to 'ssl/s23_srvr.c')
-rw-r--r-- | ssl/s23_srvr.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index a81544a1b6..050618235f 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ - v[0]=p[1]; /* major version */ + v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message - * to get the correct minor version: */ - v[1]=p[10]; - /* However if we have only a pathologically small fragment of the - * Client Hello message, we simply use the version from the - * record header -- this is incorrect but unlikely to fail in - * practice */ + * to get the correct minor version. + * However if we have only a pathologically small fragment of the + * Client Hello message, this would be difficult, we'd have + * to read at least one additional record to find out. + * This doesn't usually happen in real life, so we just complain + * for now. + */ if (p[3] == 0 && p[4] < 6) - v[1]=p[2]; + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); + goto err; + } + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) |