Note that EGD is used automatically.

[openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index a81544a1b62a99a15f54cfa2960ca97d3bb6580a..050618235f0a6cfa0126581eb7531c0364bce3f7 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -348,16 +348,21 @@ int ssl23_get_client_hello(SSL *s)
                         * SSLv3 or tls1 header
                         */
                        
-                       v[0]=p[1]; /* major version */
+                       v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
                        /* We must look at client_version inside the Client Hello message
-                        * to get the correct minor version: */
-                       v[1]=p[10];
-                       /* However if we have only a pathologically small fragment of the
-                        * Client Hello message, we simply use the version from the
-                        * record header -- this is incorrect but unlikely to fail in
-                        * practice */
+                        * to get the correct minor version.
+                        * However if we have only a pathologically small fragment of the
+                        * Client Hello message, this would be difficult, we'd have
+                        * to read at least one additional record to find out.
+                        * This doesn't usually happen in real life, so we just complain
+                        * for now.
+                        */
                        if (p[3] == 0 && p[4] < 6)
-                               v[1]=p[2];
+                               {
+                               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+                               goto err;
+                               }
+                       v[1]=p[10]; /* minor version according to client_version */
                        if (v[1] >= TLS1_VERSION_MINOR)
                                {
                                if (!(s->options & SSL_OP_NO_TLSv1))