projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PR: 2118
[openssl.git] / ssl / s23_srvr.c
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index ddf5d4c3f54b9e239b89b85a8c1876629e4f9e9d..773c0e38d81e581d7d397ba6c9624a4a3d8c13f5 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -488,6 +488,11 @@ int ssl23_get_client_hello(SSL *s)
                SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
                goto err;
 #else
+               if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+                       {
+                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                       goto err;
+                       }
                /* we are talking sslv2 */
                /* we need to clean up the SSLv3/TLSv1 setup and put in the
                 * sslv2 stuff. */
@@ -545,6 +550,10 @@ int ssl23_get_client_hello(SSL *s)
                         * for SSLv3 */
                        s->rstate=SSL_ST_READ_HEADER;
                        s->packet_length=n;
+                       if (s->s3->rbuf.buf == NULL)
+                               if (!ssl3_setup_read_buffer(s))
+                                       goto err;
+
                        s->packet= &(s->s3->rbuf.buf[0]);
                        memcpy(s->packet,buf,n);
                        s->s3->rbuf.left=n;
Unnamed repository; edit this file 'description' to name the repository.