diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-08-18 19:01:51 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-08-26 13:23:24 +0200 |
commit | 9cc3e8f1f2b9e9c36a2f61e914bc9711c35568b6 (patch) | |
tree | ff97c2fd4d3a648835417e9bf66b533c4636d951 /ssl | |
parent | 2aa815c343357524aa5a3775994d694de65544f8 (diff) |
Fix SSLv2-compatible ClientHello processing.
If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_srvr.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8bdb082999..2d15c63b6b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1057,7 +1057,9 @@ int ssl3_get_client_hello(SSL *s) /* Load the client random */ i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl; memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE); - if (!PACKET_peek_copy_bytes(&pkt, s->s3->client_random, i) + if (!PACKET_peek_copy_bytes(&pkt, + s->s3->client_random + SSL3_RANDOM_SIZE - i, + i) || !PACKET_forward(&pkt, cl) || PACKET_remaining(&pkt) != 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); |