}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
}
}
}
+ /* p[4] < 5 ... silly record length? */
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
(p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+ ((p[3] == 0 && p[4] < 5)
|| (p[9] >= p[1])))
{
/*
v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
v[1] = p[4];
- /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ /*-
+ * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
* header is sent directly on the wire, not wrapped as a TLS
* record. It's format is:
* Byte Content
if (j <= 0) return(j);
ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
+
+ /* CLIENT-HELLO */
if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+ s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg);
p=s->packet;
p+=5;