projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d58a852)
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
authorMatt Caswell <matt@openssl.org>
Fri, 27 Feb 2015 16:52:07 +0000 (16:52 +0000)
committerMatt Caswell <matt@openssl.org>
Fri, 27 Feb 2015 20:32:49 +0000 (20:32 +0000)
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
ssl/ssl_asn1.c

Conflicts:
ssl/dtls1.h

ssl/dtls1.h patch | blob | history
ssl/ssl_asn1.c patch | blob | history

diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 442167a74c291187710a5bc4cfd62cf4e21d2784..8deb299a7c85166acdadbf76a2199338b192804f 100644 (file)
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -85,6 +85,7 @@ extern "C" {
 
 # define DTLS1_VERSION                   0xFEFF
 # define DTLS_MAX_VERSION                DTLS1_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
 
 # define DTLS1_BAD_VER                   0x0100
 
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index f8c265cdde77744094f80f7446d42d39ca0ec65e..39d48eabf03b95c07a8cab1312ca941c6e1a2e71 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
         id = 0x02000000L |
             ((unsigned long)os.data[0] << 16L) |
             ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
-    } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+    } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR
+        || (ssl_version >> 8) == DTLS1_VERSION_MAJOR
+        || ssl_version == DTLS1_BAD_VER) {
         if (os.length != 2) {
             c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
             c.line = __LINE__;
Unnamed repository; edit this file 'description' to name the repository.