diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-02-16 15:25:39 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-02-16 15:25:39 +0000 |
commit | a8314df9023e4e1d92c04e09e2afb02c98ed5e2b (patch) | |
tree | b0d794f96d081038d449dec80391c1c80b3af324 /ssl | |
parent | 0cd7a0325fa31189d155c2789f1a38cad72d0982 (diff) |
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_srvr.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index a60e4d699c..5944d8c484 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -870,14 +870,6 @@ int ssl3_check_client_hello(SSL *s) int ok; long n; - /* We only allow the client to restart the handshake once per - * negotiation. */ - if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) - { - SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); - return -1; - } - /* this function is called when we really expect a Certificate message, * so permit appropriate message length */ n=s->method->ssl_get_message(s, @@ -890,6 +882,13 @@ int ssl3_check_client_hello(SSL *s) s->s3->tmp.reuse_message = 1; if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { + /* We only allow the client to restart the handshake once per + * negotiation. */ + if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) + { + SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); + return -1; + } /* Throw away what we have done so far in the current handshake, * which will now be aborted. (A full SSL_clear would be too much.) */ #ifndef OPENSSL_NO_DH |